Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
1.exe

Overview

General Information

Sample name:1.exe
Analysis ID:1430913
MD5:0eac667cbce1c13116b0a40908d8695f
SHA1:e1212710726edd46307071c651fbaa8847b6c6a1
SHA256:02c2d998d15695f75ee2768a4fc0cbc30898ef772ae081518d1fc78b5e1decbb
Tags:exe
Infos:

Detection

Hancitor
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected Hancitor
Allocates memory in foreign processes
Creates an undocumented autostart registry key
Creates files in the recycle bin to hide itself
Disables security and backup related services
Drops executable to a common third party application directory
Infects executable files (exe, dll, sys, html)
Injects code into the Windows Explorer (explorer.exe)
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file has nameless sections
Sigma detected: Suspicious Windows Service Tampering
Writes to foreign memory regions
Checks for available system drives (often done to infect USB drives)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops PE files to the windows directory (C:\Windows)
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Installs a raw input device (often for capturing keystrokes)
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion NT Autorun Keys Modification
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses net.exe to stop services
Yara detected Keylogger Generic

Classification

Process Tree

  • System is w10x64
  • 1.exe (PID: 4324 cmdline: "C:\Users\user\Desktop\1.exe" MD5: 0EAC667CBCE1C13116B0A40908D8695F)
    • net.exe (PID: 4436 cmdline: net stop "Kingsoft AntiVirus Service" MD5: 31890A7DE89936F922D44D677F681A7F)
      • conhost.exe (PID: 6584 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • net1.exe (PID: 4744 cmdline: C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service" MD5: 2EFE6ED4C294AB8A39EB59C80813FEC1)
    • net.exe (PID: 1864 cmdline: net stop "Kingsoft AntiVirus Service" MD5: 31890A7DE89936F922D44D677F681A7F)
      • conhost.exe (PID: 6484 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • net1.exe (PID: 4856 cmdline: C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service" MD5: 2EFE6ED4C294AB8A39EB59C80813FEC1)
    • explorer.exe (PID: 1028 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)
      • notepad.exe (PID: 4128 cmdline: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_desktop.ini MD5: 27F71B12CB585541885A31BE22F61C83)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
HancitorHancitor(aka Chanitor) emerged in 2013 which spread via social engineering techniques mainly through phishing mails embedded with malicious link and weaponized Microsoft office document contains malicious macro in it.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.hancitor

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmpJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
    Process Memory Space: 1.exe PID: 4324JoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
      Process Memory Space: 1.exe PID: 4324JoeSecurity_HancitorYara detected HancitorJoe Security

        Sigma Signatures

        System Summary

        barindex
        Sigma detected: Suspicious Windows Service Tampering
        Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems), frack113: Data: Command: net stop "Kingsoft AntiVirus Service", CommandLine: net stop "Kingsoft AntiVirus Service", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\net.exe, NewProcessName: C:\Windows\SysWOW64\net.exe, OriginalFileName: C:\Windows\SysWOW64\net.exe, ParentCommandLine: "C:\Users\user\Desktop\1.exe", ParentImage: C:\Users\user\Desktop\1.exe, ParentProcessId: 4324, ParentProcessName: 1.exe, ProcessCommandLine: net stop "Kingsoft AntiVirus Service", ProcessId: 4436, ProcessName: net.exe
        Sigma detected: CurrentVersion NT Autorun Keys Modification
        Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Windows\rundl132.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\1.exe, ProcessId: 4324, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load
        Sigma detected: Net.exe Execution
        Source: Process startedAuthor: Michael Haag, Mark Woan (improvements), James Pemberton / @4A616D6573 / oscd.community (improvements): Data: Command: net stop "Kingsoft AntiVirus Service", CommandLine: net stop "Kingsoft AntiVirus Service", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\net.exe, NewProcessName: C:\Windows\SysWOW64\net.exe, OriginalFileName: C:\Windows\SysWOW64\net.exe, ParentCommandLine: "C:\Users\user\Desktop\1.exe", ParentImage: C:\Users\user\Desktop\1.exe, ParentProcessId: 4324, ParentProcessName: 1.exe, ProcessCommandLine: net stop "Kingsoft AntiVirus Service", ProcessId: 4436, ProcessName: net.exe
        Sigma detected: Stop Windows Service Via Net.EXE
        Source: Process startedAuthor: Jakob Weinzettl, oscd.community, Nasreddine Bencherchali (Nextron Systems): Data: Command: net stop "Kingsoft AntiVirus Service", CommandLine: net stop "Kingsoft AntiVirus Service", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\net.exe, NewProcessName: C:\Windows\SysWOW64\net.exe, OriginalFileName: C:\Windows\SysWOW64\net.exe, ParentCommandLine: "C:\Users\user\Desktop\1.exe", ParentImage: C:\Users\user\Desktop\1.exe, ParentProcessId: 4324, ParentProcessName: 1.exe, ProcessCommandLine: net stop "Kingsoft AntiVirus Service", ProcessId: 4436, ProcessName: net.exe

        Snort Signatures

        Timestamp:04/24/24-11:05:56.509366
        SID:2804962
        Protocol:ICMP
        Classtype:A Network Trojan was detected
        Timestamp:04/24/24-11:05:56.509420
        SID:2008017
        Protocol:ICMP
        Classtype:A Network Trojan was detected

        Joe Sandbox Signatures

        Click to jump to signature section

        Show All Signature Results

        AV Detection

        barindex
        Antivirus / Scanner detection for submitted sample
        Source: 1.exeAvira: detected
        Antivirus detection for URL or domain
        Source: http://258ip.com/down/update1.exehttp://258ip.com/down/update2.exehttp://258ip.com/down/update3.exehAvira URL Cloud: Label: malware
        Antivirus detection for dropped file
        Source: C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exeAvira: detection malicious, Label: W32/Viking.BD.Upk
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\orbd.exeAvira: detection malicious, Label: W32/Viking.BD.Upk
        Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeAvira: detection malicious, Label: W32/Viking.BD.Upk
        Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exeAvira: detection malicious, Label: W32/Viking.BD.Upk
        Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exeAvira: detection malicious, Label: W32/Viking.BD.Upk
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\klist.exeAvira: detection malicious, Label: W32/Viking.BD.Upk
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exeAvira: detection malicious, Label: W32/Viking.BD.Upk
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\kinit.exeAvira: detection malicious, Label: W32/Viking.BD.Upk
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\keytool.exeAvira: detection malicious, Label: W32/Viking.BD.Upk
        Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exeAvira: detection malicious, Label: W32/Viking.BD.Upk
        Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exeAvira: detection malicious, Label: W32/Viking.BD.Upk
        Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exeAvira: detection malicious, Label: W32/Viking.BD.Upk
        Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exeAvira: detection malicious, Label: W32/Viking.BD.Upk
        Source: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeAvira: detection malicious, Label: W32/Viking.BD.Upk
        Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exeAvira: detection malicious, Label: W32/Viking.BD.Upk
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exeAvira: detection malicious, Label: W32/Viking.BD.Upk
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\jjs.exeAvira: detection malicious, Label: W32/Viking.BD.Upk
        Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exeAvira: detection malicious, Label: W32/Viking.BD.Upk
        Source: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exeAvira: detection malicious, Label: W32/Viking.BD.Upk
        Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exeAvira: detection malicious, Label: W32/Viking.BD.Upk
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exeAvira: detection malicious, Label: W32/Viking.BD.Upk
        Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exeAvira: detection malicious, Label: W32/Viking.BD.Upk
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exeAvira: detection malicious, Label: W32/Viking.BD.Upk
        Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exeAvira: detection malicious, Label: W32/Viking.BD.Upk
        Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exeAvira: detection malicious, Label: W32/Viking.BD.Upk
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\pack200.exeAvira: detection malicious, Label: W32/Viking.BD.Upk
        Source: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXEAvira: detection malicious, Label: W32/Viking.BD.Upk
        Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exeAvira: detection malicious, Label: W32/Viking.BD.Upk
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\ktab.exeAvira: detection malicious, Label: W32/Viking.BD.Upk
        Source: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeAvira: detection malicious, Label: W32/Viking.BD.Upk
        Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exeAvira: detection malicious, Label: W32/Viking.BD.Upk
        Multi AV Scanner detection for dropped file
        Source: C:\Windows\Dll.dllReversingLabs: Detection: 86%
        Source: C:\Windows\rundl132.exeReversingLabs: Detection: 97%
        Multi AV Scanner detection for submitted file
        Source: 1.exeVirustotal: Detection: 87%Perma Link
        Machine Learning detection for dropped file
        Source: C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exeJoe Sandbox ML: detected
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\orbd.exeJoe Sandbox ML: detected
        Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeJoe Sandbox ML: detected
        Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exeJoe Sandbox ML: detected
        Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exeJoe Sandbox ML: detected
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\klist.exeJoe Sandbox ML: detected
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exeJoe Sandbox ML: detected
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\kinit.exeJoe Sandbox ML: detected
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\keytool.exeJoe Sandbox ML: detected
        Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exeJoe Sandbox ML: detected
        Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exeJoe Sandbox ML: detected
        Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exeJoe Sandbox ML: detected
        Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exeJoe Sandbox ML: detected
        Source: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeJoe Sandbox ML: detected
        Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exeJoe Sandbox ML: detected
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exeJoe Sandbox ML: detected
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\jjs.exeJoe Sandbox ML: detected
        Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exeJoe Sandbox ML: detected
        Source: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exeJoe Sandbox ML: detected
        Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exeJoe Sandbox ML: detected
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exeJoe Sandbox ML: detected
        Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exeJoe Sandbox ML: detected
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exeJoe Sandbox ML: detected
        Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exeJoe Sandbox ML: detected
        Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exeJoe Sandbox ML: detected
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\pack200.exeJoe Sandbox ML: detected
        Source: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXEJoe Sandbox ML: detected
        Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exeJoe Sandbox ML: detected
        Source: C:\Program Files (x86)\Java\jre-1.8\bin\ktab.exeJoe Sandbox ML: detected
        Source: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeJoe Sandbox ML: detected
        Source: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exeJoe Sandbox ML: detected
        Machine Learning detection for sample
        Source: 1.exeJoe Sandbox ML: detected

        Location Tracking

        barindex
        Yara detected Hancitor
        Source: Yara matchFile source: Process Memory Space: 1.exe PID: 4324, type: MEMORYSTR
        Source: 1.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\7-Zip\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\7-Zip\Lang\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\locales\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\swiftshader\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\locales\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\swiftshader\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Assets\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\CAN\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\DEU\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\ENU\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\FRA\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\JPN\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\UK\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocTemplates\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocTemplates\ENU\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\HostedServicesTemplates\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\HostedServicesTemplates\ENU\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\IDTemplates\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\IDTemplates\ENU\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Javascripts\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ar_AE\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\cs_CZ\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\da_DK\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\de_DE\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\el_GR\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ENU\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\en_AE\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\en_GB\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\en_IL\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\en_US\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\es_ES\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\fi_FI\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\fr_FR\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\fr_MA\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\he_IL\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\hu_HU\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\it_IT\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ja_JP\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ko_KR\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\nb_NO\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\nl_NL\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\pl_PL\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\pt_BR\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ru_RU\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\sk_SK\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\sl_SI\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\sv_SE\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\tr_TR\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\uk_UA\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\zh_CN\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\zh_TW\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Locale\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Locale\en_US\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\resources\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\resources\ui\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\resources\ui\font\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\resources\ui\font\ie\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\resources\ui\font\regular\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\AcroForm\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\AcroForm\PMP\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Annotations\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Annotations\Stamps\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Annotations\Stamps\ENU\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Multimedia\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Multimedia\MPP\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins3d\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins3d\prc\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Sequences\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Sequences\ENU\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\UIThemes\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\__VERSION__\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\__VERSION__\private\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\appmeasurement\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\appmeasurement\prod\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\appmeasurement\stage\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\fonts\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\OWP\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\OWP\default\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\OWP\default\css\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\OWP\default\fonts\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\OWP\default\images\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\OWP\default\js\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\app\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\app\dev\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\app\dev\cef\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\app\dev\libs\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\core\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\core\dev\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\core\dev\cef\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\core\dev\libs\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\files\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\files\dev\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\files\dev\cef\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\files\dev\libs\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\file_types\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\file_types\hi_contrast\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\file_types\themes\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\file_types\themes\dark\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\hi_contrast\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\themes\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\themes\dark\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\win-scrollbar\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\win-scrollbar\themes\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\win-scrollbar\themes\dark\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\win8-scrollbar\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\win8-scrollbar\themes\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\win8-scrollbar\themes\dark\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\ar-ae\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\ca-es\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\cs-cz\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\da-dk\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\de-de\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\en-ae\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\en-gb\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\en-il\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\es-es\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\eu-es\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\fi-fi\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\fr-fr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\fr-ma\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\he-il\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\hr-hr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\hu-hu\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\it-it\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\ja-jp\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\ko-kr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\nb-no\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\nl-nl\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\pl-pl\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\pt-br\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\ro-ro\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\root\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\ru-ru\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\sk-sk\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\sl-si\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\sl-sl\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\sv-se\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\tr-tr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\uk-ua\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\zh-cn\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\zh-tw\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app-api\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app-api\dev\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\ar-ae\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\ca-es\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\cs-cz\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\da-dk\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\de-de\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\en-ae\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\en-gb\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\en-il\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\es-es\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\eu-es\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\fi-fi\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\fr-fr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\fr-ma\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\he-il\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\hr-hr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\hu-hu\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\it-it\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\ja-jp\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\ko-kr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\nb-no\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\nl-nl\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\pl-pl\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\pt-br\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\ro-ro\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\root\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\ru-ru\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\sk-sk\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\sl-si\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\sl-sl\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\sv-se\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\tr-tr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\uk-ua\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\zh-cn\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\zh-tw\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\ar-ae\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\ca-es\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\cs-cz\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\da-dk\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\de-de\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\en-ae\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\en-gb\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\en-il\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\es-es\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\eu-es\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\fi-fi\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\fr-fr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\fr-ma\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\he-il\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\hr-hr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\hu-hu\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\it-it\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\ja-jp\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\ko-kr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\nb-no\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\nl-nl\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\pl-pl\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\pt-br\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\ro-ro\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\root\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\ru-ru\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\sk-sk\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\sl-si\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\sl-sl\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\sv-se\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\tr-tr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\uk-ua\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\zh-cn\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\zh-tw\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\libs\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\libs\jquery.ui.touch-punch\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\libs\jquery.ui.touch-punch\0.2.2\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\libs\microsoftGraph\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\libs\require\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\libs\require\2.1.15\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\misc\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\css\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\images\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ar-ae\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ca-es\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\cs-cz\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\da-dk\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\de-de\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\en-ae\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\en-gb\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\en-il\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\es-es\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\eu-es\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fi-fi\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fr-fr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fr-ma\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\he-il\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\hr-hr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\hu-hu\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\it-it\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ja-jp\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ko-kr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\nb-no\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\nl-nl\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\pl-pl\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\pt-br\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ro-ro\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\root\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ru-ru\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sk-sk\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sl-si\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sl-sl\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sv-se\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\tr-tr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\uk-ua\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\zh-cn\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\zh-tw\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\css\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\images\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\images\themes\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\ar-ae\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\ca-es\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\cs-cz\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\da-dk\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\de-de\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\en-ae\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\en-gb\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\en-il\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\es-es\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\eu-es\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\fi-fi\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\fr-fr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\fr-ma\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\he-il\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\hr-hr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\hu-hu\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\it-it\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\ja-jp\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\ko-kr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\nb-no\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\nl-nl\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\pl-pl\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\pt-br\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\ro-ro\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\root\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\ru-ru\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\sk-sk\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\sl-si\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\sl-sl\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\sv-se\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\tr-tr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\uk-ua\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\zh-cn\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\zh-tw\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account-select\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account-select\css\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account-select\js\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\css\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\images\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\images\themeless_Reader\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\images\themes\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\images\themes\dark\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\da-dk\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\de-de\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\en-gb\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\es-es\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\fi-fi\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\fr-fr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\it-it\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\ja-jp\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\nb-no\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\nl-nl\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\pt-br\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\root\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\sv-se\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\selection-action-plugins\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\selection-action-plugins\ccpdf\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\selection-action-plugins\cpdf\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\selection-action-plugins\epdf\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\css\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\images\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\images\themeless\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\ar-ae\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\ca-es\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\cs-cz\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\da-dk\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\de-de\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\en-ae\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\en-gb\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\en-il\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\es-es\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\eu-es\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\fi-fi\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\fr-fr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\fr-ma\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\he-il\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\hr-hr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\hu-hu\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\it-it\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\ja-jp\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\ko-kr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\nb-no\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\nl-nl\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\pl-pl\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\pt-br\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\ro-ro\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\root\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\ru-ru\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\sk-sk\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\sl-si\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\sl-sl\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\sv-se\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\tr-tr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\uk-ua\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\zh-cn\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\zh-tw\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\collect_feedback\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\collect_feedback\css\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\collect_feedback\js\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\css\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\images\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\images\themes\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\images\themes\dark\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\ar-ae\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\ca-es\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\cs-cz\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\da-dk\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\de-de\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\en-ae\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\en-gb\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\en-il\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\es-es\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\eu-es\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\fi-fi\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\fr-fr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\fr-ma\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\he-il\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\hr-hr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\hu-hu\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\it-it\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\ja-jp\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\ko-kr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\nb-no\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\nl-nl\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\pl-pl\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\pt-br\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\ro-ro\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\root\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\ru-ru\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\sk-sk\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\sl-si\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\sl-sl\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\sv-se\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\tr-tr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\uk-ua\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\zh-cn\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\zh-tw\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\plugins\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\plugins\rhp\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\css\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\ar-ae\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\ca-es\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\cs-cz\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\da-dk\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\de-de\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\en-ae\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\en-gb\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\en-il\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\es-es\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\eu-es\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\fi-fi\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\fr-fr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\fr-ma\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\he-il\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\hr-hr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\hu-hu\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\it-it\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\ja-jp\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\ko-kr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\nb-no\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\nl-nl\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\pl-pl\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\pt-br\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\ro-ro\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\root\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\ru-ru\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\sk-sk\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\sl-si\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\sl-sl\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\sv-se\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\tr-tr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\uk-ua\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\zh-cn\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\zh-tw\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\plugins\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\plugins\rhp\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\dc-annotations\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\dc-annotations\css\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\dc-annotations\js\_desktop.iniJump to behavior
        Source: Binary string: C:\work\p4\splinters\Splinters\S\BuildResults\bin\Win32\ReaderRelease\FullTrustNotifier\FullTrustNotifier.pdb77.GCTL source: 1.exe, 00000000.00000003.2100872044.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: D:\DCB\CBT_Main\BuildResults\bin\Win32\Release\armsvc.pdb source: 1.exe, 00000000.00000003.2288712461.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe.0.dr
        Source: Binary string: NisSrv.pdb source: 1.exe, 00000000.00000002.4451156723.00000000021C2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcrobatInfo.pdb source: 1.exe, 00000000.00000003.2072167354.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: D:\T\BuildResults\bin\Release_x64\TextExtractor.pdb444 source: 1.exe, 00000000.00000003.2072838492.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: D:\T\BuildResults\bin\Release_x64\TextExtractor.pdb source: 1.exe, 00000000.00000003.2072838492.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: ADelRCP_Exec.pdb source: 1.exe, 00000000.00000003.2073003378.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcroCEF\AcroCEF.pdbI source: 1.exe, 00000000.00000003.2086159442.0000000004060000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: plugin-container.pdb source: 1.exe, 00000000.00000003.2243476720.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: crashreporter.pdb source: 1.exe, 00000000.00000003.2236451239.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: D:\T\BuildResults\bin\Release_x64\plug_ins\pi_brokers\MSRMSPIBroker.pdbAAAGCTL source: 1.exe, 00000000.00000003.2099967561.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: D:\T\Acrobat\Installers\ShowAppPickerForPDF\Release_x64\ShowAppPickerForPDF.pdb source: 1.exe, 00000000.00000003.2085825576.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\tnameserv_objs\tnameserv.pdb source: tnameserv.exe.0.dr
        Source: Binary string: D:\T\BuildResults\bin\Release_x64\WCChromeNativeMessagingHost.pdb888 source: 1.exe, 00000000.00000003.2091866454.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcrobatExe.pdb source: 1.exe, 00000000.00000003.2069214748.0000000004060000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: Acrobat_SL.pdb((( source: 1.exe, 00000000.00000003.2072329052.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: C:\b\s\w\ir\cache\builder\src\out\Release_x64\initialexe\chrome.exe.pdb source: 1.exe, 00000000.00000003.2199695779.00000000042BC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: GoogleCrashHandler64_unsigned.pdb source: 1.exe, 00000000.00000003.2303685427.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, GoogleCrashHandler64.exe.0.dr
        Source: Binary string: D:\T\BuildResults\bin\Release_x64\AdobeCollabSync.pdb# source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: pingsender.pdb source: 1.exe, 00000000.00000003.2243142876.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: d:\dbs\el\omr\target\x64\ship\click2run\x-none\IntegratedOffice.pdb0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000S source: 1.exe, 00000000.00000003.2225154341.0000000004060000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: C:\Data\svn\autoit\branch_3.3.16\bin\Aut2Exe\Aut2Exe.pdb source: 1.exe, 00000000.00000003.2270489248.0000000004060000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: E:\jenkins\workspace\NGL_WORKFLOW\build\master\win64\Release\Acrobat\project\win\ngl-workflow\x64\Release (Acrobat)\adobe_licensing_wf_acro.pdbT source: 1.exe, 00000000.00000003.2094191005.0000000004060000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: ADelRCP_Exec.pdbCC9 source: 1.exe, 00000000.00000003.2073003378.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: D:\DCB\CBT_Main\BuildResults\bin\Win32\Release\AdobeARMHelper.pdb source: 1.exe, 00000000.00000003.2287533320.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcroBroker.pdb source: 1.exe, 00000000.00000003.2072470333.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: 1.exe, 00000000.00000002.4451156723.00000000021C2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: d:\dbs\el\omr\target\x86\ship\click2run\x-none\Integrator.pdb source: 1.exe, 00000000.00000002.4451156723.0000000002495000.00000004.00000020.00020000.00000000.sdmp, integrator.exe.0.dr
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\unpackexe\unpack200.pdb00 source: unpack200.exe.0.dr
        Source: Binary string: private_browsing.pdb source: 1.exe, 00000000.00000003.2244245625.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: Acrobat_SL.pdb source: 1.exe, 00000000.00000003.2072329052.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\java_objs\java.pdb source: 1.exe, 00000000.00000003.2299846343.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: GoogleCrashHandler_unsigned.pdb source: 1.exe, 00000000.00000003.2302768967.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: d:\dbs\el\omr\target\x86\ship\click2run\x-none\Integrator.pdb0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000S source: 1.exe, 00000000.00000002.4451156723.0000000002495000.00000004.00000020.00020000.00000000.sdmp, integrator.exe.0.dr
        Source: Binary string: C:\workspace\CR-Windows-x64-Client-Builder\x64\Release\CRWindowsClientService.pdbGG source: 1.exe, 00000000.00000003.2083949774.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: VSTOInstaller.pdb source: 1.exe, 00000000.00000003.2299284398.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, VSTOInstaller.exe.0.dr
        Source: Binary string: C:\b\s\w\ir\cache\builder\src\out\Release_x64\elevation_service.exe.pdb source: 1.exe, 00000000.00000003.2209901402.0000000004071000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcrobatInfo.pdb))) source: 1.exe, 00000000.00000003.2072167354.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: 64BitMAPIBroker.pdb source: 1.exe, 00000000.00000003.2099466968.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: maintenanceservice.pdb source: 1.exe, 00000000.00000003.2240207923.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: C:\Users\jim\Desktop\metro research\ApplicationID\Release\ApplicationID.pdb source: 1.exe, 00000000.00000003.2246792271.00000000040B4000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: firefox.pdb source: 1.exe, 00000000.00000003.2238708126.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: E:\jenkins\workspace\NGL_WORKFLOW\build\master\win64\Release\Acrobat\project\win\ngl-workflow\x64\Release (Acrobat)\adobe_licensing_wf_helper_acro.pdb source: 1.exe, 00000000.00000003.2097585988.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: D:\T\Acrobat\Installers\ADNotificationManager\Viewer Release_x64\ADNotificationManager.pdb source: 1.exe, 00000000.00000003.2073322688.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: D:\T\BuildResults\bin\Release_x64\WCChromeNativeMessagingHost.pdb source: 1.exe, 00000000.00000003.2091866454.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: firefox.pdbP source: 1.exe, 00000000.00000003.2238708126.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: C:\agent\_work\8\s\build\ship\x86\burn.pdb source: 1.exe, 00000000.00000002.4451156723.00000000021C2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: GoogleUpdate_unsigned.pdb source: 1.exe, 00000000.00000003.2304800992.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: C:\b\s\w\ir\cache\builder\src\out\Release_x64\setup.exe.pdb source: 1.exe, 00000000.00000003.2215777859.0000000004071000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: private_browsing.pdbp source: 1.exe, 00000000.00000003.2244245625.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: C:\work\p4\splinters\Splinters\S\BuildResults\bin\Win32\ReaderRelease\FullTrustNotifier\FullTrustNotifier.pdb source: 1.exe, 00000000.00000003.2100872044.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: D:\T\BuildResults\bin\Release\Plug_ins\pi_brokers\32BitMAPIBroker.pdb@@ source: 1.exe, 00000000.00000003.2099192699.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: C:\workspace\CR-Windows-x64-Client-Builder\x64\Release\CRWindowsClientService.pdb source: 1.exe, 00000000.00000003.2083949774.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: d:\dbs\el\omr\target\x86\ship\setupexe\x-none\LicLua.pdb source: 1.exe, 00000000.00000003.2296957210.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: d:\dbs\el\omr\target\x64\ship\click2run\x-none\IntegratedOffice.pdb source: 1.exe, 00000000.00000003.2225154341.0000000004060000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: C:\b\s\w\ir\cache\builder\src\out\Release_x64\chrome_pwa_launcher.exe.pdb source: 1.exe, 00000000.00000003.2207469171.0000000004071000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\tnameserv_objs\tnameserv.pdb source: tnameserv.exe.0.dr
        Source: Binary string: D:\T\BuildResults\bin\Release_x64\plug_ins\pi_brokers\MSRMSPIBroker.pdb source: 1.exe, 00000000.00000003.2099967561.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: maintenanceservice.pdb` source: 1.exe, 00000000.00000003.2240207923.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: D:\T\Acrobat\Installers\ShowAppPickerForPDF\Release_x64\ShowAppPickerForPDF.pdb$$ source: 1.exe, 00000000.00000003.2085825576.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: D:\T\BuildResults\bin\Release\AcrobatExe.pdb source: 1.exe, 00000000.00000003.2190991302.0000000004060000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: D:\DCB\CBT_Main\BuildResults\bin\Win32\Release\AdobeARMHelper.pdbr source: 1.exe, 00000000.00000003.2287533320.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: D:\T\BuildResults\bin\Release_x64\Eula.pdb source: 1.exe, 00000000.00000003.2084471694.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: GoogleCrashHandler64_unsigned.pdbl source: 1.exe, 00000000.00000003.2303685427.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, GoogleCrashHandler64.exe.0.dr
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\deploy\jre-image\bin\javaws.pdb8 source: 1.exe, 00000000.00000003.2301308090.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: GoogleCrashHandler_unsigned.pdbp source: 1.exe, 00000000.00000003.2302768967.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: C:\workspace\CR-Windows-x64-Client-Builder\CRLogTransport\public\binary\Win\x64\Release\CRLogTransport.pdb source: 1.exe, 00000000.00000003.2083187341.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: D:\workspace\RT_Win_8_2\Mainline\public\binary\Win\x64\Release\LogTransport2.pdbTTNGCTL source: 1.exe, 00000000.00000003.2084739962.0000000004060000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: minidump-analyzer.pdb source: 1.exe, 00000000.00000003.2241462892.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: C:\b\s\w\ir\cache\builder\src\out\Release_x64\chrome_proxy.exe.pdb source: 1.exe, 00000000.00000003.2205445463.0000000004060000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\orbd_objs\orbd.pdb source: orbd.exe.0.dr
        Source: Binary string: d:\dbs\el\omr\target\x86\ship\setupexe\x-none\LicLua.pdb000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000S source: 1.exe, 00000000.00000003.2296957210.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: E:\jenkins\workspace\NGL_WORKFLOW\build\master\win64\Release\Acrobat\project\win\ngl-workflow\x64\Release (Acrobat)\adobe_licensing_wf_acro.pdb source: 1.exe, 00000000.00000003.2094191005.0000000004060000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: C:\Data\svn\autoit\branch_3.3.16\bin\Aut2Exe\Aut2Exe_x64.pdb source: 1.exe, 00000000.00000003.2274244679.0000000004060000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: C:\b\s\w\ir\cache\builder\src\out\Release_x64\notification_helper.exe.pdb source: 1.exe, 00000000.00000003.2212956369.0000000004071000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcroBroker.pdbTTT source: 1.exe, 00000000.00000003.2072470333.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: NisSrv.pdbGCTL source: 1.exe, 00000000.00000002.4451156723.00000000021C2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\T\Acrobat\Installers\ADNotificationManager\Viewer Release_x64\ADNotificationManager.pdb22 source: 1.exe, 00000000.00000003.2073322688.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: C:\Data\svn\autoit\branch_3.3.16\bin\SciTE\SciTE.pdb source: 1.exe, 00000000.00000003.2282074477.0000000004060000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\orbd_objs\orbd.pdb source: orbd.exe.0.dr
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\unpackexe\unpack200.pdb source: unpack200.exe.0.dr
        Source: Binary string: default-browser-agent.pdb source: 1.exe, 00000000.00000003.2237302809.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: updater.pdb source: 1.exe, 00000000.00000003.2244536391.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: D:\T\BuildResults\bin\Release\Plug_ins\pi_brokers\32BitMAPIBroker.pdb source: 1.exe, 00000000.00000003.2099192699.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: D:\T\BuildResults\bin\Release_x64\AdobeCollabSync.pdb source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\javaw_objs\javaw.pdb source: 1.exe, 00000000.00000003.2300597090.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\deploy\jre-image\bin\javaws.pdb source: 1.exe, 00000000.00000003.2301308090.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcroCEF\AcroCEF.pdb source: 1.exe, 00000000.00000003.2086159442.0000000004060000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: D:\T\BuildResults\bin\Release_x64\Eula.pdb888 source: 1.exe, 00000000.00000003.2084471694.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: C:\mozilla-source\mozilla-central\other-licenses\nsis\Contrib\HttpPostFile\Release\HttpPostFile.pdb source: 1.exe, 00000000.00000003.2246792271.0000000004137000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: C:\workspace\CR-Windows-x64-Client-Builder\CRLogTransport\public\binary\Win\x64\Release\CRLogTransport.pdbQ source: 1.exe, 00000000.00000003.2083187341.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: D:\workspace\RT_Win_8_2\Mainline\public\binary\Win\x64\Release\LogTransport2.pdb source: 1.exe, 00000000.00000003.2084739962.0000000004060000.00000004.00001000.00020000.00000000.sdmp

        Spreading

        barindex
        Infects executable files (exe, dll, sys, html)
        Source: C:\Users\user\Desktop\1.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeSystem file written: C:\Program Files\7-Zip\7zFM.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\32BitMAPIBroker.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ShowAppPickerForPDF.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\LogTransport2.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeSystem file written: C:\Program Files\7-Zip\7z.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeSystem file written: C:\Program Files\7-Zip\Uninstall.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\64BitMAPIBroker.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeSystem file written: C:\Program Files\7-Zip\7zG.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\MSRMSPIBroker.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeFile opened: z:Jump to behavior
        Source: C:\Users\user\Desktop\1.exeFile opened: y:Jump to behavior
        Source: C:\Users\user\Desktop\1.exeFile opened: x:Jump to behavior
        Source: C:\Users\user\Desktop\1.exeFile opened: w:Jump to behavior
        Source: C:\Users\user\Desktop\1.exeFile opened: v:Jump to behavior
        Source: C:\Users\user\Desktop\1.exeFile opened: u:Jump to behavior
        Source: C:\Users\user\Desktop\1.exeFile opened: t:Jump to behavior
        Source: C:\Users\user\Desktop\1.exeFile opened: s:Jump to behavior
        Source: C:\Users\user\Desktop\1.exeFile opened: r:Jump to behavior
        Source: C:\Users\user\Desktop\1.exeFile opened: q:Jump to behavior
        Source: C:\Users\user\Desktop\1.exeFile opened: p:Jump to behavior
        Source: C:\Users\user\Desktop\1.exeFile opened: o:Jump to behavior
        Source: C:\Users\user\Desktop\1.exeFile opened: n:Jump to behavior
        Source: C:\Users\user\Desktop\1.exeFile opened: m:Jump to behavior
        Source: C:\Users\user\Desktop\1.exeFile opened: l:Jump to behavior
        Source: C:\Users\user\Desktop\1.exeFile opened: k:Jump to behavior
        Source: C:\Users\user\Desktop\1.exeFile opened: j:Jump to behavior
        Source: C:\Users\user\Desktop\1.exeFile opened: i:Jump to behavior
        Source: C:\Users\user\Desktop\1.exeFile opened: h:Jump to behavior
        Source: C:\Users\user\Desktop\1.exeFile opened: g:Jump to behavior
        Source: C:\Users\user\Desktop\1.exeFile opened: f:Jump to behavior
        Source: C:\Users\user\Desktop\1.exeFile opened: e:Jump to behavior
        Source: C:\Windows\explorer.exeFile opened: c:Jump to behavior
        Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00404A80 FindFirstFileA,FindClose,FileTimeToLocalFileTime,FileTimeToDosDateTime,0_2_00404A80
        Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00404A7E FindFirstFileA,FindClose,FileTimeToLocalFileTime,FileTimeToDosDateTime,0_2_00404A7E
        Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00412274 FindFirstFileA,FindNextFileA,FindFirstFileA,FindNextFileA,FindFirstFileA,Sleep,FindNextFileA,0_2_00412274
        Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00412270 FindFirstFileA,FindNextFileA,FindFirstFileA,FindNextFileA,FindFirstFileA,Sleep,FindNextFileA,0_2_00412270

        Networking

        barindex
        Snort IDS alert for network traffic
        Source: TrafficSnort IDS: 2804962 ETPRO TROJAN Win32/Viking.GN ICMP Echo Request 192.168.2.5: -> 192.168.2.1:
        Source: TrafficSnort IDS: 2008017 ET TROJAN Philis.J ICMP Sweep (Payload Hello World) 192.168.2.1: -> 192.168.2.5:
        Source: 1.exe, 00000000.00000002.4451156723.0000000002495000.00000004.00000020.00020000.00000000.sdmp, integrator.exe.0.drString found in binary or memory: http://127.0.0.1:13556/InsiderSlabBehaviorReportedBuildInsiderSlabBehaviorInsiderSlabBehaviorReporte
        Source: 1.exe, 00000000.00000003.2225154341.0000000004060000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:13556/InsiderSlabBehaviorReportedStateInsiderSlabBehaviorInsiderSlabBehaviorReporte
        Source: 1.exe, 00000000.00000002.4450973243.0000000001FC0000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4450486239.0000000001F60000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://258ip.com/down/update1.exehttp://258ip.com/down/update2.exehttp://258ip.com/down/update3.exeh
        Source: 1.exe, 00000000.00000002.4451156723.00000000021C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://appsyndication.org/2006/appsynapplicationapuputil.cppupgradeexclusivetrueenclosuredigestalgor
        Source: 1.exe, 00000000.00000003.2238708126.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2237302809.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2246792271.00000000040B4000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2244245625.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2240859710.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2243476720.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2246792271.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2100872044.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2236451239.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2241462892.000000000207F000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2246792271.0000000004137000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2243142876.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2240207923.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
        Source: 1.exe, 00000000.00000003.2238708126.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2237302809.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2072838492.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2199695779.0000000004307000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2294377748.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.0000000002C03000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2072167354.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2244245625.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2240859710.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2301308090.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2086159442.000000000430A000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2094191005.0000000004297000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2099967561.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2097585988.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2190991302.00000000044C9000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2215777859.00000000043EC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2091866454.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2072470333.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2289661125.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2085825576.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2212956369.00000000041A4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
        Source: 1.exe, 00000000.00000003.2100872044.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
        Source: explorer.exe, 00000008.00000002.4467406438.0000000009B0B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2035366718.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4467406438.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2035366718.0000000009B0B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
        Source: 1.exe, 00000000.00000003.2100872044.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
        Source: 1.exe, 00000000.00000003.2238708126.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2237302809.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2246792271.00000000040B4000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2244245625.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2240859710.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2246792271.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2236451239.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2241462892.000000000207F000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2246792271.0000000004137000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2243142876.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2240207923.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
        Source: 1.exe, 00000000.00000003.2100872044.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
        Source: 1.exe, 00000000.00000003.2072838492.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2199695779.0000000004307000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2294377748.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.0000000002C03000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2072167354.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2301308090.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2086159442.000000000430A000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2094191005.0000000004297000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2099967561.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2097585988.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2190991302.00000000044C9000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2215777859.00000000043EC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2091866454.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2072470333.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2289661125.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2085825576.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2212956369.00000000041A4000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2304800992.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2069214748.00000000045B9000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2073003378.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2073322688.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
        Source: 1.exe, 00000000.00000003.2238708126.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2237302809.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2072838492.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2199695779.0000000004307000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2294377748.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2246792271.00000000040B4000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.0000000002C03000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2072167354.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2244245625.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2240859710.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2301308090.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2086159442.000000000430A000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2094191005.0000000004297000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2099967561.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2097585988.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2246792271.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2190991302.00000000044C9000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2215777859.00000000043EC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2091866454.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2072470333.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2289661125.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
        Source: 1.exe, 00000000.00000003.2238708126.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2237302809.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2072838492.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2199695779.0000000004307000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2294377748.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2246792271.00000000040B4000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.0000000002C03000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2072167354.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2244245625.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2240859710.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2301308090.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2086159442.000000000430A000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2094191005.0000000004297000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2099967561.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2097585988.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2246792271.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2190991302.00000000044C9000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2215777859.00000000043EC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2091866454.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2072470333.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2289661125.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
        Source: 1.exe, 00000000.00000003.2267949785.000000000414D000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2265959897.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2274244679.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2266970768.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2266435450.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2270489248.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2265360973.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
        Source: 1.exe, 00000000.00000003.2267949785.000000000414D000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2265959897.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2274244679.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2266970768.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2266435450.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2270489248.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2265360973.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
        Source: 1.exe, 00000000.00000003.2267949785.000000000414D000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2265959897.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2274244679.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2266970768.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2266435450.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2270489248.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2265360973.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
        Source: 1.exe, 00000000.00000003.2267949785.000000000414D000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2265959897.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2274244679.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2266970768.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2266435450.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2270489248.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2265360973.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
        Source: 1.exe, 00000000.00000003.2267949785.000000000414D000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2265959897.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2274244679.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2266970768.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2266435450.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2270489248.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2265360973.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
        Source: explorer.exe, 00000008.00000002.4446753251.0000000000F13000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2031002716.0000000000F13000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.v
        Source: 1.exe, 00000000.00000003.2238708126.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2237302809.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2072838492.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2199695779.0000000004307000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2294377748.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.0000000002C03000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2072167354.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2244245625.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2240859710.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2301308090.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2086159442.000000000430A000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2094191005.0000000004297000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2099967561.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2097585988.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2190991302.00000000044C9000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2215777859.00000000043EC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2091866454.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2072470333.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2289661125.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2085825576.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2212956369.00000000041A4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
        Source: 1.exe, 00000000.00000003.2238708126.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2237302809.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2246792271.00000000040B4000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2244245625.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2240859710.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2243476720.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2246792271.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2236451239.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2241462892.000000000207F000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2246792271.0000000004137000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2243142876.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2240207923.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
        Source: 1.exe, 00000000.00000003.2100872044.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
        Source: 1.exe, 00000000.00000003.2246792271.00000000040B4000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2240859710.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2246792271.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2246792271.0000000004137000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
        Source: explorer.exe, 00000008.00000002.4467406438.0000000009B0B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2035366718.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4467406438.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2035366718.0000000009B0B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
        Source: 1.exe, 00000000.00000003.2100872044.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
        Source: 1.exe, 00000000.00000003.2072838492.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2199695779.0000000004307000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2294377748.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.0000000002C03000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2072167354.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2301308090.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2086159442.000000000430A000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2094191005.0000000004297000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2099967561.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2097585988.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2190991302.00000000044C9000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2215777859.00000000043EC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2091866454.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2072470333.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2289661125.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2085825576.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2212956369.00000000041A4000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2304800992.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2069214748.00000000045B9000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2073003378.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2073322688.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
        Source: 1.exe, 00000000.00000003.2238708126.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2237302809.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2072838492.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2199695779.0000000004307000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2294377748.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2246792271.00000000040B4000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.0000000002C03000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2072167354.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2244245625.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2240859710.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2301308090.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2086159442.000000000430A000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2094191005.0000000004297000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2099967561.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2097585988.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2246792271.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2190991302.00000000044C9000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2215777859.00000000043EC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2091866454.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2072470333.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2289661125.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
        Source: unpack200.exe.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
        Source: 1.exe, 00000000.00000003.2100872044.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
        Source: 1.exe, 00000000.00000003.2238708126.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2237302809.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2246792271.00000000040B4000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2244245625.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2240859710.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2246792271.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2236451239.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2241462892.000000000207F000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2246792271.0000000004137000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2243142876.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2240207923.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
        Source: 1.exe, 00000000.00000003.2100872044.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
        Source: 1.exe, 00000000.00000003.2238708126.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2237302809.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2246792271.00000000040B4000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2244245625.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2240859710.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2243476720.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2246792271.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2100872044.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2236451239.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2241462892.000000000207F000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2246792271.0000000004137000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2243142876.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2240207923.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
        Source: 1.exe, 00000000.00000003.2246792271.00000000040B4000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2240859710.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2246792271.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2246792271.0000000004137000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
        Source: explorer.exe, 00000008.00000002.4467406438.0000000009B0B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2035366718.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4467406438.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2035366718.0000000009B0B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
        Source: 1.exe, 00000000.00000003.2100872044.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
        Source: 1.exe, 00000000.00000003.2199695779.0000000004307000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2294377748.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2301308090.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2215777859.00000000043EC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2289661125.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2212956369.00000000041A4000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2304800992.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2299846343.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2207469171.00000000041DF000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2302768967.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2205445463.0000000004174000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2300597090.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2291219135.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2303685427.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2209901402.0000000004200000.00000004.00001000.00020000.00000000.sdmp, tnameserv.exe.0.dr, orbd.exe.0.dr, GoogleCrashHandler64.exe.0.dr, unpack200.exe.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
        Source: 1.exe, 00000000.00000003.2072838492.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.0000000002C03000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2072167354.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2086159442.000000000430A000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2094191005.0000000004297000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2099967561.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2097585988.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2190991302.00000000044C9000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2091866454.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2072470333.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2085825576.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2069214748.00000000045B9000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2073003378.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2073322688.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2099192699.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2288712461.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2287533320.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2099466968.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2083949774.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2072329052.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2083187341.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0=
        Source: 1.exe, 00000000.00000003.2100872044.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K
        Source: 1.exe, 00000000.00000003.2238708126.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2237302809.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2246792271.00000000040B4000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2244245625.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2240859710.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2246792271.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2236451239.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2241462892.000000000207F000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2246792271.0000000004137000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2243142876.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2240207923.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
        Source: 1.exe, 00000000.00000003.2100872044.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
        Source: 1.exe, 00000000.00000003.2294377748.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2291219135.0000000004060000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://es5.github.io/#x15.4.4.21
        Source: 1.exe, 00000000.00000003.2291219135.0000000004060000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com
        Source: 1.exe, 00000000.00000003.2291219135.0000000004060000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://java.sun.comnot
        Source: 1.exe, 00000000.00000003.2240859710.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2246792271.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2270118590.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
        Source: 1.exe, 00000000.00000003.2072838492.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2199695779.0000000004307000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2294377748.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2246792271.00000000040B4000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.0000000002C03000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2072167354.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2240859710.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2301308090.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2086159442.000000000430A000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2094191005.0000000004297000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2099967561.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2097585988.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2246792271.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2190991302.00000000044C9000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2215777859.00000000043EC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2091866454.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2072470333.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2289661125.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2085825576.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2212956369.00000000041A4000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2304800992.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
        Source: 1.exe, 00000000.00000003.2238708126.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2237302809.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2072838492.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2199695779.0000000004307000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2294377748.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2246792271.00000000040B4000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.0000000002C03000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2072167354.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2244245625.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2240859710.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2301308090.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2086159442.000000000430A000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2094191005.0000000004297000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2099967561.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2097585988.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2246792271.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2190991302.00000000044C9000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2215777859.00000000043EC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2091866454.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2072470333.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2289661125.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
        Source: 1.exe, 00000000.00000003.2238708126.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2237302809.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2072838492.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2199695779.0000000004307000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2294377748.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2246792271.00000000040B4000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.0000000002C03000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2072167354.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2244245625.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2240859710.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2301308090.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2086159442.000000000430A000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2094191005.0000000004297000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2099967561.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2243476720.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2097585988.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2246792271.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2190991302.00000000044C9000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2215777859.00000000043EC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2091866454.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2072470333.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
        Source: 1.exe, 00000000.00000003.2100872044.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0H
        Source: 1.exe, 00000000.00000003.2100872044.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0I
        Source: 1.exe, 00000000.00000003.2238708126.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2237302809.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2246792271.00000000040B4000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2244245625.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2240859710.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2246792271.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2236451239.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2241462892.000000000207F000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2246792271.0000000004137000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2243142876.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2240207923.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0N
        Source: 1.exe, 00000000.00000003.2100872044.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0O
        Source: 1.exe, 00000000.00000003.2238708126.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2237302809.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2072838492.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2199695779.0000000004307000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2294377748.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2246792271.00000000040B4000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.0000000002C03000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2072167354.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2244245625.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2240859710.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2301308090.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2086159442.000000000430A000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2094191005.0000000004297000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2099967561.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2097585988.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2246792271.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2190991302.00000000044C9000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2215777859.00000000043EC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2091866454.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2072470333.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2289661125.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
        Source: explorer.exe, 00000008.00000000.2035366718.00000000099C0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4467406438.00000000099C0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di
        Source: 1.exe, 00000000.00000003.2267949785.000000000414D000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2265959897.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2274244679.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2266970768.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2266435450.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2270489248.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2265360973.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
        Source: 1.exe, 00000000.00000003.2267949785.000000000414D000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2265959897.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2274244679.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2266970768.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2266435450.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2270489248.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2265360973.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
        Source: 1.exe, 00000000.00000003.2267949785.000000000414D000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2265959897.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2274244679.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2266970768.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2266435450.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2270489248.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2265360973.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp2.globalsign.com/rootr306
        Source: 1.exe, 00000000.00000003.2267949785.000000000414D000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2265959897.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2274244679.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2266970768.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2266435450.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2270489248.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2265360973.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp2.globalsign.com/rootr606
        Source: explorer.exe, 00000008.00000000.2034860776.0000000008870000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000008.00000002.4464152797.0000000007DC0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000008.00000002.4466202794.0000000008890000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://schemas.micro
        Source: 1.exe, 00000000.00000003.2267949785.000000000414D000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2265959897.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2274244679.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2266970768.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2266435450.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2270489248.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2265360973.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
        Source: 1.exe, 00000000.00000003.2267949785.000000000414D000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2265959897.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2274244679.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2266970768.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2266435450.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2270489248.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2265360973.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
        Source: 1.exe, 00000000.00000003.2294377748.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2291219135.0000000004060000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://stackoverflow.com/a/1465386/4224163
        Source: 1.exe, 00000000.00000003.2294377748.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2291219135.0000000004060000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://stackoverflow.com/a/15123777)
        Source: 1.exe, 00000000.00000003.2294377748.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2291219135.0000000004060000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://stackoverflow.com/questions/1026069/capitalize-the-first-letter-of-string-in-javascript
        Source: 1.exe, 00000000.00000003.2294377748.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2291219135.0000000004060000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://stackoverflow.com/questions/1068834/object-comparison-in-javascript
        Source: 1.exe, 00000000.00000003.2282074477.0000000004060000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.activestate.com
        Source: 1.exe, 00000000.00000003.2282074477.0000000004060000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.activestate.comHolger
        Source: 1.exe, 00000000.00000003.2270489248.0000000004060000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3/
        Source: 1.exe, 00000000.00000003.2265959897.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2274244679.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2266435450.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2270489248.0000000004060000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3/8
        Source: 1.exe, 00000000.00000003.2267949785.000000000414D000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2038353253.000000000C81C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3/J
        Source: 1.exe, 00000000.00000003.2282074477.0000000004060000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.baanboard.com
        Source: 1.exe, 00000000.00000003.2282074477.0000000004060000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.baanboard.comBrendon
        Source: 1.exe, 00000000.00000003.2294377748.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2291219135.0000000004060000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.computerhope.com/forum/index.php?topic=76293.0
        Source: 1.exe, 00000000.00000003.2282074477.0000000004060000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.develop.com
        Source: 1.exe, 00000000.00000003.2282074477.0000000004060000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.develop.comDeepak
        Source: 1.exe, 00000000.00000003.2238708126.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2237302809.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2072838492.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2199695779.0000000004307000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2294377748.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2246792271.00000000040B4000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.0000000002C03000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2072167354.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2244245625.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2240859710.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2301308090.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2086159442.000000000430A000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2094191005.0000000004297000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2099967561.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2097585988.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2246792271.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2190991302.00000000044C9000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2215777859.00000000043EC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2091866454.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2072470333.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2289661125.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
        Source: 1.exe, 00000000.00000003.2100872044.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
        Source: 1.exe, 00000000.00000003.2282074477.0000000004060000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.lua.org
        Source: 1.exe, 00000000.00000003.2282074477.0000000004060000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.rftp.com
        Source: 1.exe, 00000000.00000003.2282074477.0000000004060000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.rftp.comJosiah
        Source: 1.exe, 00000000.00000003.2282074477.0000000004060000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.scintilla.org
        Source: 1.exe, 00000000.00000003.2282074477.0000000004060000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.scintilla.org/scite.rng
        Source: 1.exe, 00000000.00000003.2282074477.0000000004060000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.spaceblue.com
        Source: 1.exe, 00000000.00000003.2282074477.0000000004060000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.spaceblue.comMathias
        Source: 1.exe, 00000000.00000003.2294377748.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2291219135.0000000004060000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.tutorialspoint.com/javascript/array_map.htm
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Pref/StateMachine
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Pref/StateMachinehttps://PrefSyncJob/com
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/RFList
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload
        Source: explorer.exe, 00000008.00000003.3790282794.000000000C512000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2037794492.000000000C4DC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4476952895.000000000C512000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3096602674.000000000C50F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe
        Source: explorer.exe, 00000008.00000002.4459812498.00000000076F8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2032781472.00000000076F8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOS
        Source: explorer.exe, 00000008.00000000.2035366718.0000000009ADB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4467406438.0000000009ADB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/
        Source: explorer.exe, 00000008.00000000.2032781472.0000000007637000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4459812498.0000000007637000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
        Source: explorer.exe, 00000008.00000003.3789329026.00000000035FA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4452064675.00000000035FA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2031787683.00000000035FA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://arc.msn.coml
        Source: 1.exe, 00000000.00000003.2238708126.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/6/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%
        Source: 1.exe, 00000000.00000003.2212956369.0000000004071000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2215777859.0000000004071000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/cr/report
        Source: 1.exe, 00000000.00000003.2212956369.0000000004071000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/cr/report..
        Source: 1.exe, 00000000.00000003.2069214748.0000000004060000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crxBrowser
        Source: 1.exe, 00000000.00000003.2190991302.0000000004060000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crxupdate_urlBrowser
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io
        Source: 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/schemas/annots_metadata.jsonld
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/schemas/bulk_entity_v1.json
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/schemas/entity_v1.json
        Source: 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/schemas/user_comment_metadata_result_v1.json
        Source: 1.exe, 00000000.00000003.2238708126.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crash-reports.mozilla.com/submit?id=
        Source: 1.exe, 00000000.00000003.2215777859.0000000004071000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2199695779.00000000042BC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crashpad.chromium.org/
        Source: 1.exe, 00000000.00000003.2215777859.0000000004071000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2199695779.00000000042BC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crashpad.chromium.org/bug/new
        Source: 1.exe, 00000000.00000003.2215777859.0000000004071000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2199695779.00000000042BC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new
        Source: 1.exe, 00000000.00000003.2069214748.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2190991302.0000000004060000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/820996
        Source: 1.exe, 00000000.00000003.2190991302.0000000004060000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/820996LaunchElevatedProcessXML
        Source: 1.exe, 00000000.00000003.2069214748.0000000004060000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/820996LaunchElevatedProcessdisable-best-effort-tasksdisable-breakpaddisable-featur
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dc-api.adobe.io/discovery
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dc-api.adobe.io/discoverySoftware
        Source: 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dc-api.adobe.io/schemas/discovery_v1.json
        Source: 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dc-api.adobe.io/schemas/folder_listing_v1.json
        Source: 1.exe, 00000000.00000003.2294377748.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2291219135.0000000004060000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/Reduce
        Source: 1.exe, 00000000.00000003.2294377748.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2291219135.0000000004060000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/filter
        Source: 1.exe, 00000000.00000003.2294377748.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2291219135.0000000004060000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/indexOf
        Source: 1.exe, 00000000.00000003.2294377748.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2291219135.0000000004060000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/Trim
        Source: 1.exe, 00000000.00000003.2294377748.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2291219135.0000000004060000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/startsWith
        Source: 1.exe, 00000000.00000003.2294377748.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2291219135.0000000004060000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en/docs/Web/JavaScript/Reference/Global_Objects/String/endsWith
        Source: explorer.exe, 00000008.00000002.4470629782.0000000009BE4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3792018335.0000000009BE3000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3096212506.0000000009B7A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2035366718.0000000009B41000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3097392066.0000000009BE3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://excel.office.com
        Source: 1.exe, 00000000.00000003.2237302809.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1
        Source: 1.exe, 00000000.00000003.2237302809.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1MaybeMigrateVersion1118.0.1.0in
        Source: 1.exe, 00000000.00000003.2238708126.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881
        Source: 1.exe, 00000000.00000003.2237302809.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/default-browser-agent/default-browser/1/Hash
        Source: 1.exe, 00000000.00000003.2238708126.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-launcher-process/launcher-process-failure/1/
        Source: 1.exe, 00000000.00000003.2246792271.00000000040B4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/telemetry/
        Source: 1.exe, 00000000.00000003.2294377748.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2291219135.0000000004060000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://javadl-esd-secure.oracle.com/update/%s/map-%s.xml
        Source: 1.exe, 00000000.00000003.2294377748.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2291219135.0000000004060000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://javadl-esd-secure.oracle.com/update/%s/map-m-%s.xml
        Source: 1.exe, 00000000.00000003.2294377748.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2291219135.0000000004060000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://javadl-esd-secure.oracle.com/update/%s/map-m-%s.xmlhttps://javadl-esd-secure.oracle.com/upda
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lifecycleapp.operationlifecycle.shutdownlifecycle.startuptimer.starttimertimer.stoppedtimer.
        Source: 1.exe, 00000000.00000003.2238708126.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2237302809.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2246792271.00000000040B4000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2244245625.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2240859710.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2246792271.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2236451239.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2244536391.0000000002030000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2241462892.000000000207F000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2243476720.0000000002011000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2246792271.0000000004137000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2243142876.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2240207923.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://mozilla.org0/
        Source: 1.exe, 00000000.00000002.4451156723.0000000002495000.00000004.00000020.00020000.00000000.sdmp, integrator.exe.0.drString found in binary or memory: https://nexus.officeapps.live.comhttps://nexusrules.officeapps.live.com
        Source: 1.exe, 00000000.00000003.2225154341.0000000004060000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nexus.officeapps.live.comhttps://nexusrules.officeapps.live.comBasicX-MS-ReduceTelemetryX-MS
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://notify-stage.adobe.io/ans
        Source: 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://notify-stage.adobe.io/ans/
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://notify-stage.adobe.io/anshttps://notify.adobe.io/ansEnableDesktopNotificationlocale
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://notify.adobe.io/ans
        Source: 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://notify.adobe.io/ans/
        Source: 1.exe, 00000000.00000002.4451156723.0000000002495000.00000004.00000020.00020000.00000000.sdmp, integrator.exe.0.drString found in binary or memory: https://otelrules.azureedge.net/rules/.bundlesdxhelper.exeFailed
        Source: 1.exe, 00000000.00000003.2225154341.0000000004060000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://otelrules.azureedge.net/rules/officec2rclient.exeonenote.exesdxhelper.exe
        Source: explorer.exe, 00000008.00000002.4470629782.0000000009BE4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3792018335.0000000009BE3000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3096212506.0000000009B7A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2035366718.0000000009B41000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3097392066.0000000009BE3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://outlook.com
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://p13n-stage.adobe.io/psdk/v2/content?
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://p13n-stage.adobe.io/psdk/v2/content?https://p13n.adobe.io/psdk/v2/content?%Y-%m-%dT%H:%M:%SZ
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://p13n.adobe.io/psdk/v2/content?
        Source: explorer.exe, 00000008.00000000.2037794492.000000000C460000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4475814466.000000000C460000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://powerpoint.office.comcember
        Source: 1.exe, 00000000.00000003.2246792271.00000000040B4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://qsurvey.mozilla.com/s3/FF-Desktop-Post-Uninstall?channel=release&version=118.0.1&osversion=
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reviews.adobe.io
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reviews.adobe.iourifullpayloadlinksinvitationURIreviewURIcommentingAssetURNEurekaInvitationI
        Source: 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://scss.adobesc.com
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://scss.adobesc.com.adobe.ioassetUrnreviewUrnFilesFile
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://scss.adobesc.com0
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://scss.adobesc.comAcroCoreSyncSharedReviewLoggingEnabledAcrobat_DesktopUserhttps://comments.ad
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://scss.adobesc.comK
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://scss.adobesc.comReadStatus
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://scss.adobesc.comcommandNameAdd_AnnotsDelete_AnnotsUpdate_AnnotsEurekaReviewFetchReviewUpdate
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://scss.adobesc.comemptyAnnotations
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://scss.adobesc.comhttps://scss.adobesc.comhttps://scss.adobesc.com
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://scss.adobesc.cominvalidAnnotIdList
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://scss.adobesc.comreasoncom.adobe.review.sdk
        Source: 1.exe, 00000000.00000003.2215777859.00000000043EC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=usage_stats_crash_reports
        Source: 1.exe, 00000000.00000003.2215777859.0000000004071000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome?p=chrome_uninstall_surveymicrosoft-edge:open..
        Source: 1.exe, 00000000.00000003.2246792271.00000000040B4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settingsopen
        Source: 1.exe, 00000000.00000003.2246792271.00000000040B4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settingsuninstall_ping_
        Source: 1.exe, 00000000.00000003.2246792271.0000000004060000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.orgPublisherUninstallString
        Source: 1.exe, 00000000.00000002.4451156723.00000000021C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://unitedstates1.ss.wd.microsoft.us/
        Source: 1.exe, 00000000.00000002.4451156723.00000000021C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://unitedstates2.ss.wd.microsoft.us/
        Source: 1.exe, 00000000.00000002.4451156723.00000000021C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://unitedstates4.ss.wd.microsoft.us/
        Source: explorer.exe, 00000008.00000000.2035366718.00000000099C0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4467406438.00000000099C0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://wns.windows.com/)s
        Source: explorer.exe, 00000008.00000000.2035366718.00000000099C0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4467406438.00000000099C0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://word.office.comon
        Source: 1.exe, 00000000.00000003.2067578849.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.7-zip.org/
        Source: 1.exe, 00000000.00000003.2267949785.000000000414D000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2265959897.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2274244679.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2266970768.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2266435450.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2270489248.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2265360973.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.autoitscript.com/autoit3/
        Source: 1.exe, 00000000.00000003.2266970768.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.autoitscript.com/site/autoit/8
        Source: 1.exe, 00000000.00000003.2238708126.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2237302809.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2246792271.00000000040B4000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2244245625.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2240859710.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2243476720.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2246792271.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2100872044.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2236451239.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2241462892.000000000207F000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2246792271.0000000004137000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2243142876.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2240207923.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
        Source: 1.exe, 00000000.00000003.2086159442.0000000004060000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/oauth2/authorize
        Source: 1.exe, 00000000.00000003.2086159442.0000000004060000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/oauth2/authorizeInvalidBrowserSettingsBrowserCreationFailedInvalidRenderHand
        Source: 1.exe, 00000000.00000003.2267949785.000000000414D000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2265959897.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2274244679.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2266970768.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2266435450.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2270489248.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2265360973.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.globalsign.com/repository/0
        Source: 1.exe, 00000000.00000003.2246792271.0000000004060000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/118.0.1/releasenoteshttps://www.mozilla.orgNoModifyNoRepair/S=0K
        Source: 1.exe, 00000000.00000003.2282074477.0000000004060000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.smartsharesystems.com/
        Source: 1.exe, 00000000.00000003.2282074477.0000000004060000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.smartsharesystems.com/Morten
        Source: 1.exe, 00000000.00000002.4451156723.0000000002495000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: RegisterRawInputDevicesmemstr_8e48fb1d-2
        Source: Yara matchFile source: Process Memory Space: 1.exe PID: 4324, type: MEMORYSTR

        System Summary

        barindex
        PE file has nameless sections
        Source: Dll.dll.0.drStatic PE information: section name:
        Source: Dll.dll.0.drStatic PE information: section name:
        Source: Dll.dll.0.drStatic PE information: section name:
        Source: C:\Users\user\Desktop\1.exeCode function: 0_2_004059A8 GetProcAddress,NtOpenThread,FreeLibrary,0_2_004059A8
        Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00405A5B GetProcAddress,NtOpenThread,FreeLibrary,0_2_00405A5B
        Source: C:\Users\user\Desktop\1.exeFile created: C:\Windows\rundl132.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeFile created: C:\Windows\Dll.dllJump to behavior
        Source: 1.exe, 00000000.00000003.2238708126.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamefirefox.exe0 vs 1.exe
        Source: 1.exe, 00000000.00000003.2237302809.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefault-browser-agent.exe0 vs 1.exe
        Source: 1.exe, 00000000.00000003.2072838492.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameAcroTextExtractor.exe~/ vs 1.exe
        Source: 1.exe, 00000000.00000003.2199695779.0000000004307000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamechrome.exe< vs 1.exe
        Source: 1.exe, 00000000.00000003.2294377748.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamejusched.exe\ vs 1.exe
        Source: 1.exe, 00000000.00000003.2246792271.00000000040B4000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameApplicationID.dll< vs 1.exe
        Source: 1.exe, 00000000.00000002.4451156723.0000000002C03000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameAdobeCollabSync.exe> vs 1.exe
        Source: 1.exe, 00000000.00000002.4451156723.0000000002C03000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameAdobeCollabSync.exef# vs 1.exe
        Source: 1.exe, 00000000.00000003.2212956369.0000000004071000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: unknown error %dthread::detach failed__thread_specific_ptr construction failed..\..\base\win\scoped_winrt_initializer.ccoperator()..\..\base\files\file_util_win.ccMakeAbsoluteFilePathReplaceFileWPathExistsDirectoryExistsC:\CreateAndOpenTemporaryFileInDir.tmpGetSecureSystemTempSystemTempCreateDirectoryAndGetErrorMakeLongFilePathGetCurrentDirectoryWWDDoDeleteFile*PathHasAccess..\..\base\file_version_info_win.ccCreateFileVersionInfoWinCompanyNameCompanyShortNameInternalNameProductNameProductShortNameProductVersionFileDescriptionFileVersionOriginalFilenameSpecialBuild\StringFileInfo\%04x%04x\%ls\VarFileInfo\Translation\unordered container erase(iterator) called with a non-dereferenceable iterator..\..\third_party\libc++\src\include\__hash_table..\..\base\metrics\persistent_histogram_storage.ccCould not write "" persistent histograms to file as the storage base directory is not properly set." persistent histograms to file as the storage directory cannot be created." persistent histograms to file as the storage directory does not exist.%04d%02d%02d%02d%02d%02dPersistent histograms fail to write to file: WaitableEvent::Signal..\..\base\synchronization\waitable_event.ccTimedWaitWaitableEvent::Wait Complete 000000000000 vs 1.exe
        Source: 1.exe, 00000000.00000003.2072167354.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameAcrobatInfo.exe< vs 1.exe
        Source: 1.exe, 00000000.00000003.2244245625.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameprivate_browsing.exe0 vs 1.exe
        Source: 1.exe, 00000000.00000003.2240859710.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemaintenanceservice_installer.exe0 vs 1.exe
        Source: 1.exe, 00000000.00000003.2301308090.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamejavaws.exeX vs 1.exe
        Source: 1.exe, 00000000.00000003.2267949785.000000000414D000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameAutoIt3.exeB vs 1.exe
        Source: 1.exe, 00000000.00000003.2244536391.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameupdater.exe0 vs 1.exe
        Source: 1.exe, 00000000.00000003.2265959897.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameAu3Info.exe0 vs 1.exe
        Source: 1.exe, 00000000.00000003.2094191005.0000000004297000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameadobe_licensing_wf.exeF vs 1.exe
        Source: 1.exe, 00000000.00000003.2243476720.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameplugin-container.exe0 vs 1.exe
        Source: 1.exe, 00000000.00000003.2097585988.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameadobe_licensing_wf_helper.exeT vs 1.exe
        Source: 1.exe, 00000000.00000003.2246792271.0000000004060000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamehelper.exe0 vs 1.exe
        Source: 1.exe, 00000000.00000003.2190991302.00000000044C9000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameAcrobat.exe< vs 1.exe
        Source: 1.exe, 00000000.00000003.2086159442.0000000004060000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameAcroCEF.exe> vs 1.exe
        Source: 1.exe, 00000000.00000003.2086159442.0000000004060000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameAcroCEF.exe< vs 1.exe
        Source: 1.exe, 00000000.00000003.2091866454.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameWCChromeNativeMessagingHost.exeB vs 1.exe
        Source: 1.exe, 00000000.00000003.2072470333.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameAcroBroker.exe~/ vs 1.exe
        Source: 1.exe, 00000000.00000003.2067578849.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilename7zFM.exe, vs 1.exe
        Source: 1.exe, 00000000.00000003.2289661125.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamejaureg.exe\ vs 1.exe
        Source: 1.exe, 00000000.00000003.2212956369.00000000041A4000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamenotification_helper.exe< vs 1.exe
        Source: 1.exe, 00000000.00000003.2304800992.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGoogleUpdate.exe6 vs 1.exe
        Source: 1.exe, 00000000.00000003.2304800992.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGoogleUpdate.exe< vs 1.exe
        Source: 1.exe, 00000000.00000003.2304800992.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGoogleUpdate.exeH vs 1.exe
        Source: 1.exe, 00000000.00000003.2304800992.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGoogleUpdate.exeD vs 1.exe
        Source: 1.exe, 00000000.00000003.2304800992.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGoogleUpdate.exeB vs 1.exe
        Source: 1.exe, 00000000.00000003.2304800992.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGoogleUpdate.exe> vs 1.exe
        Source: 1.exe, 00000000.00000003.2304800992.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGoogleUpdate.exe8 vs 1.exe
        Source: 1.exe, 00000000.00000003.2304800992.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGoogleUpdate.exe: vs 1.exe
        Source: 1.exe, 00000000.00000003.2304800992.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGoogleUpdate.exeF vs 1.exe
        Source: 1.exe, 00000000.00000003.2304800992.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGoogleUpdate.exeJ vs 1.exe
        Source: 1.exe, 00000000.00000003.2304800992.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGoogleUpdate.exeP vs 1.exe
        Source: 1.exe, 00000000.00000003.2304800992.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGoogleUpdate.exeL vs 1.exe
        Source: 1.exe, 00000000.00000003.2304800992.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGoogleUpdate.exe@ vs 1.exe
        Source: 1.exe, 00000000.00000003.2304800992.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGoogleUpdate.exe4 vs 1.exe
        Source: 1.exe, 00000000.00000002.4451156723.00000000021C2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: tLegalCopyrightCopyright (c) Microsoft Corporation. All rights reserved.L$OriginalFilenameVC_redist.x64.exe vs 1.exe
        Source: 1.exe, 00000000.00000002.4451156723.00000000021C2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMpCmdRun.exej% vs 1.exe
        Source: 1.exe, 00000000.00000003.2069214748.00000000045B9000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameAcrobat.exe< vs 1.exe
        Source: 1.exe, 00000000.00000003.2073003378.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameADelRCP.dll\ vs 1.exe
        Source: 1.exe, 00000000.00000003.2296957210.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameliclua.exen' vs 1.exe
        Source: 1.exe, 00000000.00000003.2073322688.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameADNotificationManager.exe vs 1.exe
        Source: 1.exe, 00000000.00000002.4451156723.0000000002687000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameosppsvc.exeD vs 1.exe
        Source: 1.exe, 00000000.00000003.2099192699.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilename32BitMAPIBroker.exeD vs 1.exe
        Source: 1.exe, 00000000.00000003.2274244679.0000000004060000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: Error3, 3, 16, 1Aut2ExeAutoItIt is a violation of the AutoIt EULA to attempt to reverse engineer this program.Application integrity can't be verified.Aut2Exe - v (AutoIt Script to EXE Converter)Software\AutoIt v3\AutoItSoftware\AutoIt v3\Aut2ExeSoftware\HiddenSoft\AutoIt3\Aut2ExeLastScriptDirLastExeDirLastIconDirLastIconLastCompressionUseUPX\AutoIt v3\Aut2Exetmp/in/out/icon/pass/nodecompile/compression/comp/nopack/pack/ansi/unicode/x86/x64/bin/nobeeperror/gui/console/execlevelHIGHESTAVAILABLEREQUIREADMINISTRATORNONE/ignoredirectives/inputboxres/comments/companyname/filedescription/internalname/legalcopyright/legaltrademarks/originalfilename/productname/fileversion,/productversion.a3x.exeAutoIt files (*.au3)*.au3All files (*.*)*.*au3Encoded script files (*.a3x)*.a3xExecutable files (*.exe)*.exea3xexeIcon files (*.ico)*.icoicoReadyAbor&t&Convert.tokCompiling script...AutoItSC_x64.binAutoItSC.binBIN64BIN32Error: Unable to extract interpreter.Error: Unable to create temporary executable: vs 1.exe
        Source: 1.exe, 00000000.00000003.2274244679.0000000004060000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: Aborting...%s (%d%% Complete / %d%% Compression)requireAdministratorasInvokerhighestAvailableVS_VERSION_INFOStringFileInfoVarFileInfoTranslationCommentsCompanyNameFileDescriptionFileVersionInternalNameLegalCopyrightLegalTrademarksOriginalFilenameProductNameProductVersion."upx.exe" --best --compress-icons=0 --keep-resource=10/SCRIPT " vs 1.exe
        Source: 1.exe, 00000000.00000003.2274244679.0000000004060000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: #includeRun Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*#include depth exceeded. Make sure there are no recursive includesError opening the fileBad directive syntax errorUnterminated string#pragma compile#notrayicon#requireadmin#OnAutoItStartRegister#include-onceCannot parse #include#comments-start#csUnterminated group of comments#comments-end#ce)'CONSOLEAUTOITEXECUTEALLOWEDUPXX64COMPRESSIONICONOUTCOMPATIBILITYEXECLEVELINPUTBOXRESCOMMENTSCOMPANYNAMEFILEDESCRIPTIONFILEVERSIONINTERNALNAMELEGALCOPYRIGHTLEGALTRADEMARKSORIGINALFILENAMEPRODUCTNAMEPRODUCTVERSION vs 1.exe
        Source: 1.exe, 00000000.00000003.2274244679.0000000004060000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: Aut2Exe.exe /in <infile.au3> [/out <outfile.exe>] [/icon <iconfile.ico>] [/comp 0-4] [/ignoredirectives] [/nopack] [/pack] [/ansi] [/unicode] [/x64] [/console] [/gui] [/execlevel <asinvoker | highestavailable | requireadministrator | none>] [/compatibility <vista | win7 | win8>] [/comments <>] [/companyname <>] [/filedescription <>] [/internalname <>] [/legalcopyright <>] [/legaltrademarks <>] [/originalfilename <>] [/productname <>] [/fileversion <fixednum[,num]>] [/productversion <fixednum[,num]>](Error: Unable to create temporary files.]Error: An error was encountered while trying to read in the script file and/or include files.-Error: Unable to create the compiled archive.+Error: Invalid "FileInstall" syntax found. ;Error: Unable to execute upx.exe to compress stub file: vs 1.exe
        Source: 1.exe, 00000000.00000003.2274244679.0000000004060000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameAut2Exe.exe0 vs 1.exe
        Source: 1.exe, 00000000.00000003.2066189792.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilename7z.exe, vs 1.exe
        Source: 1.exe, 00000000.00000003.2288712461.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamearmsvc.exeN vs 1.exe
        Source: 1.exe, 00000000.00000002.4451156723.0000000002495000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameNisSrv.exej% vs 1.exe
        Source: 1.exe, 00000000.00000003.2299846343.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamejava.exeN vs 1.exe
        Source: 1.exe, 00000000.00000003.2099466968.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilename64BitMAPIBroker.exeD vs 1.exe
        Source: 1.exe, 00000000.00000003.2207469171.00000000041DF000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamechrome_pwa_launcher.exe< vs 1.exe
        Source: 1.exe, 00000000.00000003.2282074477.0000000004060000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSciTE.EXE, vs 1.exe
        Source: 1.exe, 00000000.00000003.2190991302.0000000004060000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: Lfile_version_info_win.ccCreateFileVersionInfoWinCompanyNameCompanyShortNameInternalNameProductNameProductShortNameProductVersionFileDescriptionFileVersionOriginalFilenameSpecialBuild\StringFileInfo\%04x%04x\%ls\VarFileInfo\Translation\SetThreadDescriptionUnknown priority.::GetThreadPriority returned G vs 1.exe
        Source: 1.exe, 00000000.00000003.2083949774.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCRWindowsClientService.exeZ vs 1.exe
        Source: 1.exe, 00000000.00000003.2236451239.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamecrashreporter.exe0 vs 1.exe
        Source: 1.exe, 00000000.00000003.2302768967.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGoogleUpdate.exe< vs 1.exe
        Source: 1.exe, 00000000.00000003.2241462892.000000000207F000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameminidump-analyzer.exe0 vs 1.exe
        Source: 1.exe, 00000000.00000003.2068340277.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilename7zg.exe, vs 1.exe
        Source: 1.exe, 00000000.00000003.2072329052.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameAcroSpeedLaunch.exeD vs 1.exe
        Source: 1.exe, 00000000.00000003.2068797001.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameUninstall.exe, vs 1.exe
        Source: 1.exe, 00000000.00000003.2083187341.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCRLogTransport .exe0 vs 1.exe
        Source: 1.exe, 00000000.00000003.2205445463.0000000004174000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamechrome_proxy.exe< vs 1.exe
        Source: 1.exe, 00000000.00000003.2266970768.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameAutoIt3Help.exe8 vs 1.exe
        Source: 1.exe, 00000000.00000003.2300597090.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamejavaw.exeN vs 1.exe
        Source: 1.exe, 00000000.00000003.2074834480.0000000004AA1000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameAdobeCollabSync.exe> vs 1.exe
        Source: 1.exe, 00000000.00000003.2074834480.0000000004AA1000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameAdobeCollabSync.exef# vs 1.exe
        Source: 1.exe, 00000000.00000003.2299284398.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameVSTOInstaller.exe^ vs 1.exe
        Source: 1.exe, 00000000.00000003.2225154341.00000000044F3000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameIntegratedOffice.exeB vs 1.exe
        Source: 1.exe, 00000000.00000003.2084471694.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameEula.exe* vs 1.exe
        Source: 1.exe, 00000000.00000003.2243142876.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepingsender.exe0 vs 1.exe
        Source: 1.exe, 00000000.00000003.2291219135.0000000004060000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamejucheck.exe\ vs 1.exe
        Source: 1.exe, 00000000.00000002.4450973243.0000000001FC0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilename" vs 1.exe
        Source: 1.exe, 00000000.00000002.4451156723.00000000025B6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameIntegrator.exeB vs 1.exe
        Source: 1.exe, 00000000.00000003.2303685427.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGoogleUpdate.exe< vs 1.exe
        Source: 1.exe, 00000000.00000003.2240207923.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemaintenanceservice.exe0 vs 1.exe
        Source: 1.exe, 00000000.00000003.2209901402.0000000004200000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameelevation_service.exe< vs 1.exe
        Source: 1.exe, 00000000.00000003.2215777859.0000000004071000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: ..\..\base\files\file_util_win.ccMakeAbsoluteFilePathDeleteFileAfterRebootReplaceFileWPathExistsDirectoryExistsC:\CreateAndOpenTemporaryFileInDir.tmpCreateTemporaryDirInDirGetSecureSystemTempSystemTempCreateDirectoryAndGetErrorMakeLongFilePathGetFileInfoOpenFileWriteFileGetCurrentDirectoryWSetCurrentDirectoryWWDMoveUnsafeCopyAndDeleteDirectoryDoDeleteFile*DoCopyDirectoryPathHasAccessDoCopyFile..\..\base\files\file_enumerator_win.ccNext..\..\base\file_version_info_win.ccCreateFileVersionInfoWinCompanyNameCompanyShortNameInternalNameProductNameProductShortNameProductVersionFileDescriptionFileVersionOriginalFilenameSpecialBuild\StringFileInfo\%04x%04x\%ls\VarFileInfo\Translation\..\..\base\metrics\persistent_histogram_storage.ccCould not write "" persistent histograms to file as the storage base directory is not properly set." persistent histograms to file as the storage directory cannot be created." persistent histograms to file as the storage directory does not exist.%04d%02d%02d%02d%02d%02dPersistent histograms fail to write to file: scoped_dir..\..\base\files\file_util.ccReadStreamToSpanWithMaxSizeinvalid vs 1.exe
        Source: 1.exe, 00000000.00000003.2266435450.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameAu3Info.exe0 vs 1.exe
        Source: 1.exe, 00000000.00000003.2270489248.0000000004060000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: F@ Error3, 3, 16, 1Aut2ExeAutoItIt is a violation of the AutoIt EULA to attempt to reverse engineer this program.Application integrity can't be verified.Aut2Exe - v (AutoIt Script to EXE Converter)Software\AutoIt v3\AutoItSoftware\AutoIt v3\Aut2ExeSoftware\HiddenSoft\AutoIt3\Aut2ExeLastScriptDirLastExeDirLastIconDirLastIconLastCompressionUseUPX\AutoIt v3\Aut2Exetmp/in/out/icon/pass/nodecompile/compression/comp/nopack/pack/ansi/unicode/x86/x64/bin/nobeeperror/gui/console/execlevelHIGHESTAVAILABLEREQUIREADMINISTRATORNONE/ignoredirectives/inputboxres/comments/companyname/filedescription/internalname/legalcopyright/legaltrademarks/originalfilename/productname/fileversion,/productversion.a3x.exeAutoIt files (*.au3)*.au3All files (*.*)*.*au3Encoded script files (*.a3x)*.a3xExecutable files (*.exe)*.exea3xexeIcon files (*.ico)*.icoicoReadyAbor&t&Convert.tokCompiling script...AutoItSC_x64.binAutoItSC.binBIN64BIN32Error: Unable to extract interpreter.Error: Unable to create temporary executable: vs 1.exe
        Source: 1.exe, 00000000.00000003.2270489248.0000000004060000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: Aborting...%s (%d%% Complete / %d%% Compression)requireAdministratorasInvokerhighestAvailableVS_VERSION_INFOStringFileInfoVarFileInfoTranslationCommentsCompanyNameFileDescriptionFileVersionInternalNameLegalCopyrightLegalTrademarksOriginalFilenameProductNameProductVersion."upx.exe" --best --compress-icons=0 --keep-resource=10/SCRIPT " vs 1.exe
        Source: 1.exe, 00000000.00000003.2270489248.0000000004060000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: #includeRun Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*#include depth exceeded. Make sure there are no recursive includesError opening the fileBad directive syntax errorUnterminated string#pragma compile#notrayicon#requireadmin#OnAutoItStartRegister#include-onceCannot parse #include#comments-start#csUnterminated group of comments#comments-end#ce)'CONSOLEAUTOITEXECUTEALLOWEDUPXX64COMPRESSIONICONOUTCOMPATIBILITYEXECLEVELINPUTBOXRESCOMMENTSCOMPANYNAMEFILEDESCRIPTIONFILEVERSIONINTERNALNAMELEGALCOPYRIGHTLEGALTRADEMARKSORIGINALFILENAMEPRODUCTNAMEPRODUCTVERSION vs 1.exe
        Source: 1.exe, 00000000.00000003.2270489248.0000000004060000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: Aut2Exe.exe /in <infile.au3> [/out <outfile.exe>] [/icon <iconfile.ico>] [/comp 0-4] [/ignoredirectives] [/nopack] [/pack] [/ansi] [/unicode] [/x64] [/console] [/gui] [/execlevel <asinvoker | highestavailable | requireadministrator | none>] [/compatibility <vista | win7 | win8>] [/comments <>] [/companyname <>] [/filedescription <>] [/internalname <>] [/legalcopyright <>] [/legaltrademarks <>] [/originalfilename <>] [/productname <>] [/fileversion <fixednum[,num]>] [/productversion <fixednum[,num]>](Error: Unable to create temporary files.]Error: An error was encountered while trying to read in the script file and/or include files.-Error: Unable to create the compiled archive.+Error: Invalid "FileInstall" syntax found. ;Error: Unable to execute upx.exe to compress stub file: vs 1.exe
        Source: 1.exe, 00000000.00000003.2270489248.0000000004060000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameAut2Exe.exe0 vs 1.exe
        Source: 1.exe, 00000000.00000003.2265360973.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameAu3Check.exeN vs 1.exe
        Source: 1.exe, 00000000.00000003.2084739962.0000000004060000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameLogTransport2.exe0 vs 1.exe
        Source: 1.exeBinary or memory string: OriginalFilename" vs 1.exe
        Source: 1.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
        Source: classification engineClassification label: mal100.spre.troj.evad.winEXE@13/1028@0/100
        Source: C:\Users\user\Desktop\1.exeCode function: 0_2_004056C4 CreateToolhelp32Snapshot,0_2_004056C4
        Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00404372 FindResourceA,0_2_00404372
        Source: C:\Users\user\Desktop\1.exeFile created: C:\Program Files\_desktop.iniJump to behavior
        Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000014.dbJump to behavior
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6584:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6484:120:WilError_03
        Source: Yara matchFile source: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
        Source: C:\Users\user\Desktop\1.exeFile read: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT content_item_relations.src_content_item_id, branches.download_state, content_items.creation_id,branches.content_item_id,branches.record_created, branches.modified, content_items.asset_id, content_items.type, content_items.content_item_type, content_items.removed_from_server, content_items.pending_local_delete, content_item_revisions.cloud_etag, content_item_revisions.updated, content_item_revisions.local_etag, content_item_revisions.request_id, content_item_revisions.content_name, content_item_resources.resource_cloud_etag , content_item_resources.resource_local_etag , resource_revisions.rel_to_content_item , resource_revisions.resource_type, resource_revisions.committed, resource_content.resource_content, (select 1 from branches where branch_name = 'conflict' AND content_item_id = :id) as is_conflicted,(SELECT 1 FROM branches JOIN content_items ON(content_items.creation_id = branches.content_item_id) WHERE( branches.app_id = :appId AND branches.branch_name = 'current' AND branches.content_item_id = :id AND (( content_items.pending_local_delete = 1 AND content_items.removed_from_server = 0) OR branches.content_item_revision_id not in( SELECT branches.content_item_revision_id FROM branches WHERE( branches.app_id = :appId AND branches.branch_name = 'base' AND branches.content_item_id = :id))))) as is_sync_pending, (SELECT resource_content.resource_content FROM branches JOIN content_items ON (branches.content_item_id = content_items.creation_id) JOIN content_item_resources ON (branches.content_item_revision_id = content_item_resources.content_item_revision_id) JOIN resource_revisions ON (content_item_resources.resource_revision_id = resource_revisions.revision_id) JOIN resource_content ON (resource_revisions.hash = resource_content.resource_content_id) WHERE( branches.content_item_id = :id AND branches.branch_name = 'error' AND branches.app_id = :appId)) as error_payload FROM branches JOIN content_items ON (branches.content_item_id = content_items.creation_id) JOIN content_item_revisions ON (branches.content_item_revision_id = content_item_revisions.content_item_revision_id) JOIN content_item_resources ON (branches.content_item_revision
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UPDATE branches SET content_item_revision_id = :contentItemRevisionId, modified = :modified, download_state = :downloadState WHERE( content_item_id = :contentItemId AND branch_name = :branchName AND app_id = :appId);
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS resource_content ( resource_content_id TEXT PRIMARY KEY NOT NULL, resource_content TEXT NOT NULL);
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: INSERT INTO content_items( creation_id, asset_id, type, content_item_type, created, removed_from_server, pending_local_delete) VALUES( :creationId, :assetId, :type, :contentItemType, :created, :removedFromServer, :pendingLocalDelete);
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT pending_request_id, request_type, content_item_id, context, pending_request_created, request_status, message, status_code, device_mapping_id FROM pending_requests WHERE( request_type = :requestType);
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: INSERT OR REPLACE INTO branches( content_item_id, content_item_revision_id, branch_name, app_id, is_transient, record_created, modified, download_state) VALUES( :contentItemId, :contentItemRevisionId, :branchName, :appId, :isTransient, :recordCreated, :modified, :downloadState);
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UPDATE content_items SET pending_local_delete = :pendingLocalDelete WHERE( creation_id = :creationId);
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: INSERT OR REPLACE INTO content_item_relations( src_content_item_id, target_content_item_id, rel) VALUES( :srcContentItemId, :targetContentItemId, :rel);
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: INSERT INTO resource_revisions( revision_id, rel_to_content_item, resource_type, media_type, locator, committed, hashType, hash, storageSize, width, height) VALUES( :revisionId, :relToContentItem, :resourceType, :mediaType, :locator_var, :committed_var, :hashType_var, :hash_var, :storageSize_var, :width_var, :height_var);
        Source: 1.exe, 00000000.00000002.4451156723.0000000002495000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2225154341.0000000004060000.00000004.00001000.00020000.00000000.sdmp, integrator.exe.0.drBinary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS branches ( content_item_id TEXT NOT NULL, content_item_revision_id TEXT NOT NULL, branch_name TEXT NOT NULL, app_id TEXT NOT NULL, is_transient INTEGER DEFAULT 0 NOT NULL, record_created TIMESTAMP NOT NULL, modified TIMESTAMP NOT NULL, download_state TEXT DEFAULT NULL, PRIMARY KEY (content_item_id, branch_name, app_id));
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS content_item_resources ( content_item_revision_id TEXT NOT NULL, resource_revision_id TEXT NOT NULL, resource_id TEXT DEFAULT NULL, resource_cloud_etag TEXT DEFAULT NULL, resource_cloud_version_id TEXT DEFAULT NULL, resource_local_etag TEXT DEFAULT NULL, resource_local_version_id TEXT DEFAULT NULL, PRIMARY KEY (content_item_revision_id, resource_revision_id));
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: INSERT INTO device_mappings( device_mapping_id, content_item_id, collection_id, content_item_type, include_rel_types, include_depth, branch, TTL, Priority, app_info) VALUES( :deviceMappingId, :contentItemId, :collectionId, :contentItemType, :includeRelTypes, :includeDepth, :branch, :TTL, :priority, :appInfo);
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: INSERT INTO content_item_resources( content_item_revision_id, resource_revision_id) VALUES( :contentItemRevisionId, :resourceRevisionId);
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: INSERT INTO branches ( content_item_id, content_item_revision_id, branch_name, app_id, is_transient, record_created, modified, download_state) VALUES( :contentItemId, :contentItemRevisionId, :branchName, :appId, :isTransient, :recordCreated, :modified, :downloadState);
        Source: 1.exe, 00000000.00000002.4451156723.0000000002495000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2225154341.0000000004060000.00000004.00001000.00020000.00000000.sdmp, integrator.exe.0.drBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UPDATE content_items SET removed_from_server = :removedFromServer WHERE( creation_id = :creationId);
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UPDATE branches SET modified = :modified WHERE( content_item_id = :contentItemId AND branch_name = :branchName AND app_id = :appId);
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT branches.content_item_id FROM branches JOIN content_items ON(content_items.creation_id = branches.content_item_id) WHERE( branches.app_id = :appId AND branches.branch_name = :branch1 AND branches.content_item_id = :contentItemId AND (( content_items.pending_local_delete = 1 AND content_items.removed_from_server = 0) OR branches.content_item_revision_id not in( SELECT branches.content_item_revision_id FROM branches WHERE( branches.app_id = :appId AND branches.branch_name = :branch2 AND branches.content_item_id = :contentItemId))));
        Source: 1.exe, 00000000.00000003.2084739962.0000000004060000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: Select Count(SessionId) from DataTable;
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS resource_revisions ( revision_id TEXT PRIMARY KEY NOT NULL, rel_to_content_item TEXT NOT NULL, resource_type TEXT NOT NULL, media_type TEXT NOT NULL, locator TEXT NOT NULL, committed INTEGER NOT NULL, hashType TEXT DEFAULT NULL, hash TEXT DEFAULT NULL, storageSize INTEGER DEFAULT 0, width INTEGER DEFAULT 0, height INTEGER DEFAULT 0);
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: select count(*) from SQLITE_MASTER where type = "table";
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UPDATE content_items SET pending_local_delete = :pendingLocalDelete WHERE( creation_id = :creationId);
        Source: 1.exe, 00000000.00000002.4451156723.0000000002495000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2225154341.0000000004060000.00000004.00001000.00020000.00000000.sdmp, integrator.exe.0.drBinary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: INSERT INTO content_item_revisions( content_item_revision_id, cloud_etag, updated, local_etag, request_id, content_name) VALUES( :contentIemRevisionId, :cloudEtag, :updated, :localEtag, :requestId, :contentName);
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS content_item_revisions( content_item_revision_id TEXT PRIMARY KEY NOT NULL, cloud_etag TEXT DEFAULT NULL, cloud_version_id TEXT DEFAULT NULL, updated TIMESTAMP DEFAULT NULL, acl TEXT DEFAULT NULL, local_etag TEXT DEFAULT NULL, local_version_id TEXT DEFAULT NULL, request_id TEXT DEFAULT NULL, content_name TEXT DEFAULT NULL);
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS content_items( creation_id TEXT PRIMARY KEY NOT NULL, asset_id TEXT DEFAULT NULL, type TEXT NOT NULL, content_item_type TEXT NOT NULL, created TEXT NOT NULL, removed_from_server INTEGER DEFAULT 0 NOT NULL, pending_local_delete INTEGER DEFAULT 0 NOT NULL, update_seq_num INTEGER DEFAULT 0 NOT NULL);
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS sync_tokens ( content_item_id TEXT PRIMARY KEY NOT NULL, token TEXT DEFAULT NULL, last_sync_time TIMESTAMP DEFAULT NULL, device_mapping_id TEXT DEFAULT NULL);
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UPDATE pending_requests SET request_status = :requestStatus, message = :message, status_code = :statusCode WHERE( pending_request_id = :pendingRequestId);
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT * FROM device_mappings WHERE( content_item_id = :contentItemId);
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: INSERT OR REPLACE INTO branches ( content_item_id, content_item_revision_id, app_id, is_transient, record_created, modified, download_state, branch_name) SELECT content_item_id, content_item_revision_id, app_id, is_transient, record_created, modified, download_state, :targetBranchname from branches WHERE branch_name = :srcBranchname AND content_item_id = :contentItemId AND app_id = :appId;
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT branches.content_item_id FROM content_item_relations JOIN branches ON( branches.content_item_id = content_item_relations.target_content_item_id) JOIN content_items ON( content_items.creation_id = content_item_relations.target_content_item_id) WHERE( content_item_relations.src_content_item_id = :srcContentItemId AND content_item_relations.rel = :relType AND branches.app_id = :appId AND branches.branch_name = :branch1 AND (( content_items.pending_local_delete = 1 AND content_items.removed_from_server = 0) OR branches.content_item_revision_id NOT IN ( SELECT branches.content_item_revision_id FROM content_item_relations JOIN branches ON( branches.content_item_id = content_item_relations.target_content_item_id) WHERE( content_item_relations.src_content_item_id = :srcContentItemId AND content_item_relations.rel = :relType AND branches.app_id = :appId AND branches.branch_name = :branch2))));
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS content_item_relations ( src_content_item_id TEXT NOT NULL, target_content_item_id TEXT NOT NULL, rel TEXT NOT NULL, PRIMARY KEY (src_content_item_id, target_content_item_id, rel));
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: INSERT INTO pending_requests( pending_request_id, request_type, content_item_id, context) VALUES( :pendingRequestId, :requestType, :contentItemId, :context);
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT *, (SELECT resource_content.resource_content FROM branches JOIN content_items ON (branches.content_item_id = content_items.creation_id) JOIN content_item_resources ON (branches.content_item_revision_id = content_item_resources.content_item_revision_id) JOIN resource_revisions ON (content_item_resources.resource_revision_id = resource_revisions.revision_id) JOIN resource_content ON (resource_revisions.hash = resource_content.resource_content_id) WHERE( branches.content_item_id = creation_id_local AND branches.branch_name = 'error' AND branches.app_id = :appId)) as error_payload, (SELECT 1 from branches where branch_name = 'conflict' AND content_item_id = creation_id_local) as is_conflicted, ( SELECT 1 FROM branches JOIN content_items ON(content_items.creation_id = branches.content_item_id and branches.content_item_id = creation_id_local) WHERE( branches.app_id = :appId AND branches.branch_name = 'current' AND (( content_items.pending_local_delete = 1 AND content_items.removed_from_server = 0) OR branches.content_item_revision_id not in( SELECT branches.content_item_revision_id FROM branches WHERE( branches.app_id = :appId AND branches.branch_name = 'base'))))) as is_sync_pending FROM ( SELECT content_item_relations.src_content_item_id, branches.download_state, branches.record_created, branches.modified, content_items.creation_id , content_items.creation_id as creation_id_local, branches.content_item_id, content_items.asset_id, content_items.type, content_items.content_item_type, content_items.removed_from_server, content_items.pending_local_delete, content_item_revisions.cloud_etag, content_item_revisions.updated, content_item_revisions.local_etag, content_item_revisions.request_id, content_item_revisions.content_name, content_item_resources.resource_cloud_etag , content_item_resources.resource_local_etag , resource_revisions.rel_to_content_item , resource_revisions.resource_type, resource_revisions.committed, resource_content.resource_content FROM branches JOIN content_items ON (branches.content_item_id = content_items.creation_id) JOIN content_item_revisions ON (branches.content_item_revision_id = content_item_revisions.content_item_revision_id) JOIN content_item_resources
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UPDATE content_item_revisions SET local_etag = :localEtag, request_id = :requestId, updated = :updated WHERE( content_item_revision_id IN ( SELECT content_item_revision_id FROM branches WHERE( content_item_id = :contentItemId AND branch_name = :branchName ANDapp_id = :appId)));
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT pending_request_id, request_type, content_item_id, context, pending_request_created, request_status, message, status_code, device_mapping_id FROM pending_requests WHERE( request_type = :requestType and content_item_id = :contentItemId);
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UPDATE device_mappings SET unPinned = 1 WHERE(content_item_id = :contentItemId);
        Source: 1.exe, 00000000.00000003.2084739962.0000000004060000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS DataTable(SessionId STRING PRIMARY KEY,Product STRING,UpdateTimestamp INTEGER,Status INTEGER, SchemaVersion TEXT);
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS pending_requests ( pending_request_id TEXT PRIMARY KEY NOT NULL, request_type TEXT NOT NULL, content_item_id TEXT DEFAULT NULL, context TEXT DEFAULT NULL, pending_request_created TIMESTAMP DEFAULT (strftime('%Y-%m-%dT%H:%M:%SZ', 'now', 'localtime')) NOT NULL, request_status TEXT DEFAULT "CREATED" NOT NULL, message TEXT DEFAULT NULL, status_code INTEGER DEFAULT -1 NOT NULL, device_mapping_id TEXT DEFAULT NULL, UNIQUE (content_item_id, request_type, request_status));
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT content_item_revisions.cloud_etag FROM content_items JOIN branches ON (branches.content_item_id = content_items.creation_id)JOIN content_item_revisions ON (branches.content_item_revision_id = content_item_revisions.content_item_revision_id)WHERE( content_items.asset_id = :assetId AND branches.branch_name = :branchName AND branches.app_id = :appId);
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT content_items.creation_id FROM branches JOIN content_items ON (branches.content_item_id = content_items.creation_id) JOIN content_item_revisions ON (branches.content_item_revision_id = content_item_revisions.content_item_revision_id) WHERE (branches.branch_name = 'current' AND branches.app_id = :appid) AND ((content_items.pending_local_delete = 1 AND content_items.removed_from_server = 0) OR (content_item_revisions.content_item_revision_id) NOT IN ( SELECT content_item_revisions.content_item_revision_id FROM branches JOIN content_items ON (branches.content_item_id = content_items.creation_id) JOIN content_item_revisions ON (branches.content_item_revision_id = content_item_revisions.content_item_revision_id) WHERE (branches.branch_name = 'base' AND branches.app_id = :appid))) AND content_items.creation_id NOT IN ( SELECT content_item_id FROM branches WHERE( branch_name = 'error'));
        Source: 1.exe, 00000000.00000003.2084739962.0000000004060000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT creation_id FROM content_items WHERE asset_id = :assetId;
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT * FROM device_mappings WHERE( unPinned = 1);
        Source: 1.exe, 00000000.00000003.2084739962.0000000004060000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT content_item_relations.src_content_item_id, branches.download_state, content_items.creation_id,branches.content_item_id,branches.record_created, branches.modified, content_items.asset_id, content_items.type, content_items.content_item_type, content_items.removed_from_server, content_items.pending_local_delete, content_item_revisions.cloud_etag, content_item_revisions.updated, content_item_revisions.local_etag, content_item_revisions.request_id, content_item_revisions.content_name, content_item_resources.resource_cloud_etag , content_item_resources.resource_local_etag , resource_revisions.rel_to_content_item , resource_revisions.resource_type, resource_revisions.committed, resource_content.resource_content, (select 1 from branches where branch_name = 'conflict' AND content_item_id = :id) as is_conflicted, (SELECT 1 FROM branches JOIN content_items ON(content_items.creation_id = branches.content_item_id) WHERE( branches.app_id = :appId AND branches.branch_name = 'current' AND branches.content_item_id = :id AND (( content_items.pending_local_delete = 1 AND content_items.removed_from_server = 0) OR branches.content_item_revision_id not in( SELECT branches.content_item_revision_id FROM branches WHERE( branches.app_id = :appId AND branches.branch_name = 'base' AND branches.content_item_id = :id))))) as is_sync_pending, (SELECT content_item_revisions.cloud_etag FROM content_items JOIN branches ON (branches.content_item_id = content_items.creation_id)JOIN content_item_revisions ON (branches.content_item_revision_id = content_item_revisions.content_item_revision_id)WHERE( content_items.asset_id = :collectionId AND branches.branch_name = :branchName AND branches.app_id = :appId)) as collection_cloud_etag FROM branches JOIN content_items ON (branches.content_item_id = content_items.creation_id) JOIN content_item_revisions ON (branches.content_item_revision_id = content_item_revisions.content_item_revision_id) JOIN content_item_resources ON (branches.content_item_revision_id = content_item_resources.content_item_revision_id) JOIN resource_revisions ON (content_item_resources.resource_revision_id = resource_revisions.revision_id) JOIN content_item_rel
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT * FROM device_mappings WHERE( content_item_type = :resourceType);
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS content_item_updates ( seq_num INTEGER PRIMARY KEY NOT NULL, app_id TEXT NOT NULL, content_item_local_id TEXT NOT NULL, time TIMESTAMP NOT NULL, operation TEXT NOT NULL);
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UPDATE content_items SET asset_id = :assetId WHERE( creation_id = :creationId);
        Source: 1.exe, 00000000.00000002.4451156723.0000000002495000.00000004.00000020.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2225154341.0000000004060000.00000004.00001000.00020000.00000000.sdmp, integrator.exe.0.drBinary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS device_mappings ( device_mapping_id TEXT PRIMARY KEY NOT NULL, content_item_id TEXT NOT NULL, content_item_type TEXT NOT NULL, include_rel_types TEXT DEFAULT NULL, include_depth INTEGER DEFAULT 0 NOT NULL, branch TEXT DEFAULT NULL, device_mapping_created TIMESTAMP DEFAULT (strftime('%s', 'now')) NOT NULL, collection_id TEXT DEFAULT NULL, TTL INTEGER DEFAULT 0 NOT NULL, Priority INTEGER DEFAULT 0 NOT NULL, app_info TEXT NOT NULL, unPinned INTEGER DEFAULT 0 NOT NULL, UNIQUE (content_item_id, branch));
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT pending_request_id, request_type, content_item_id, context, pending_request_created, request_status, message, status_code, device_mapping_id FROM pending_requests;
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: INSERT INTO resource_content( resource_content_id, resource_content) VALUES ( :resourceContentId, :resourceContent);
        Source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT *FROM pending_requests WHERE(content_item_id = :contentItemId);
        Source: 1.exeVirustotal: Detection: 87%
        Source: C:\Users\user\Desktop\1.exeFile read: C:\Users\user\Desktop\1.exeJump to behavior
        Source: unknownProcess created: C:\Users\user\Desktop\1.exe "C:\Users\user\Desktop\1.exe"
        Source: C:\Users\user\Desktop\1.exeProcess created: C:\Windows\SysWOW64\net.exe net stop "Kingsoft AntiVirus Service"
        Source: C:\Windows\SysWOW64\net.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\SysWOW64\net.exeProcess created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        Source: C:\Users\user\Desktop\1.exeProcess created: C:\Windows\SysWOW64\net.exe net stop "Kingsoft AntiVirus Service"
        Source: C:\Windows\SysWOW64\net.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\SysWOW64\net.exeProcess created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        Source: C:\Windows\explorer.exeProcess created: C:\Windows\System32\notepad.exe "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_desktop.ini
        Source: C:\Users\user\Desktop\1.exeProcess created: C:\Windows\SysWOW64\net.exe net stop "Kingsoft AntiVirus Service"Jump to behavior
        Source: C:\Users\user\Desktop\1.exeProcess created: C:\Windows\SysWOW64\net.exe net stop "Kingsoft AntiVirus Service"Jump to behavior
        Source: C:\Windows\SysWOW64\net.exeProcess created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"Jump to behavior
        Source: C:\Windows\SysWOW64\net.exeProcess created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"Jump to behavior
        Source: C:\Windows\explorer.exeProcess created: C:\Windows\System32\notepad.exe "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Users\user\Desktop\1.exeSection loaded: mpr.dllJump to behavior
        Source: C:\Users\user\Desktop\1.exeSection loaded: version.dllJump to behavior
        Source: C:\Users\user\Desktop\1.exeSection loaded: wsock32.dllJump to behavior
        Source: C:\Users\user\Desktop\1.exeSection loaded: winmm.dllJump to behavior
        Source: C:\Users\user\Desktop\1.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Users\user\Desktop\1.exeSection loaded: schedcli.dllJump to behavior
        Source: C:\Users\user\Desktop\1.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Users\user\Desktop\1.exeSection loaded: napinsp.dllJump to behavior
        Source: C:\Users\user\Desktop\1.exeSection loaded: pnrpnsp.dllJump to behavior
        Source: C:\Users\user\Desktop\1.exeSection loaded: wshbth.dllJump to behavior
        Source: C:\Users\user\Desktop\1.exeSection loaded: nlaapi.dllJump to behavior
        Source: C:\Users\user\Desktop\1.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Users\user\Desktop\1.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Users\user\Desktop\1.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Users\user\Desktop\1.exeSection loaded: winrnr.dllJump to behavior
        Source: C:\Users\user\Desktop\1.exeSection loaded: fwpuclnt.dllJump to behavior
        Source: C:\Users\user\Desktop\1.exeSection loaded: rasadhlp.dllJump to behavior
        Source: C:\Users\user\Desktop\1.exeSection loaded: icmp.dllJump to behavior
        Source: C:\Users\user\Desktop\1.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Users\user\Desktop\1.exeSection loaded: winnsi.dllJump to behavior
        Source: C:\Users\user\Desktop\1.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Windows\SysWOW64\net.exeSection loaded: mpr.dllJump to behavior
        Source: C:\Windows\SysWOW64\net.exeSection loaded: wkscli.dllJump to behavior
        Source: C:\Windows\SysWOW64\net.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\SysWOW64\net.exeSection loaded: samcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\net.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\net.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\net1.exeSection loaded: samcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\net1.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\SysWOW64\net1.exeSection loaded: dsrole.dllJump to behavior
        Source: C:\Windows\SysWOW64\net1.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\net1.exeSection loaded: wkscli.dllJump to behavior
        Source: C:\Windows\SysWOW64\net1.exeSection loaded: logoncli.dllJump to behavior
        Source: C:\Windows\SysWOW64\net1.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Windows\SysWOW64\net.exeSection loaded: mpr.dllJump to behavior
        Source: C:\Windows\SysWOW64\net.exeSection loaded: wkscli.dllJump to behavior
        Source: C:\Windows\SysWOW64\net.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\SysWOW64\net.exeSection loaded: samcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\net.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\net.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\net1.exeSection loaded: samcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\net1.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\SysWOW64\net1.exeSection loaded: dsrole.dllJump to behavior
        Source: C:\Windows\SysWOW64\net1.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\net1.exeSection loaded: wkscli.dllJump to behavior
        Source: C:\Windows\SysWOW64\net1.exeSection loaded: logoncli.dllJump to behavior
        Source: C:\Windows\SysWOW64\net1.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Windows\explorer.exeSection loaded: windows.internal.shell.broker.dllJump to behavior
        Source: C:\Windows\explorer.exeSection loaded: dlnashext.dllJump to behavior
        Source: C:\Windows\explorer.exeSection loaded: wpdshext.dllJump to behavior
        Source: C:\Windows\explorer.exeSection loaded: windows.cloudstore.schema.shell.dllJump to behavior
        Source: C:\Windows\System32\notepad.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\System32\notepad.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Windows\System32\notepad.exeSection loaded: mrmcorer.dllJump to behavior
        Source: C:\Windows\System32\notepad.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Windows\System32\notepad.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Windows\System32\notepad.exeSection loaded: textshaping.dllJump to behavior
        Source: C:\Windows\System32\notepad.exeSection loaded: efswrt.dllJump to behavior
        Source: C:\Windows\System32\notepad.exeSection loaded: mpr.dllJump to behavior
        Source: C:\Windows\System32\notepad.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Windows\System32\notepad.exeSection loaded: twinapi.appcore.dllJump to behavior
        Source: C:\Windows\System32\notepad.exeSection loaded: oleacc.dllJump to behavior
        Source: C:\Windows\System32\notepad.exeSection loaded: textinputframework.dllJump to behavior
        Source: C:\Windows\System32\notepad.exeSection loaded: coreuicomponents.dllJump to behavior
        Source: C:\Windows\System32\notepad.exeSection loaded: coremessaging.dllJump to behavior
        Source: C:\Windows\System32\notepad.exeSection loaded: ntmarta.dllJump to behavior
        Source: C:\Windows\System32\notepad.exeSection loaded: coremessaging.dllJump to behavior
        Source: C:\Windows\System32\notepad.exeSection loaded: urlmon.dllJump to behavior
        Source: C:\Windows\System32\notepad.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Windows\System32\notepad.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Windows\System32\notepad.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\System32\notepad.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Windows\System32\notepad.exeSection loaded: policymanager.dllJump to behavior
        Source: C:\Windows\System32\notepad.exeSection loaded: msvcp110_win.dllJump to behavior
        Source: C:\Windows\explorer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32Jump to behavior
        Source: C:\Users\user\Desktop\1.exeFile written: C:\_desktop.iniJump to behavior
        Source: Window RecorderWindow detected: More than 3 window changes detected
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\7-Zip\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\7-Zip\Lang\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\locales\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\swiftshader\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\locales\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\swiftshader\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Assets\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\CAN\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\DEU\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\ENU\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\FRA\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\JPN\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\UK\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocTemplates\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocTemplates\ENU\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\HostedServicesTemplates\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\HostedServicesTemplates\ENU\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\IDTemplates\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\IDTemplates\ENU\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Javascripts\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ar_AE\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\cs_CZ\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\da_DK\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\de_DE\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\el_GR\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ENU\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\en_AE\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\en_GB\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\en_IL\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\en_US\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\es_ES\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\fi_FI\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\fr_FR\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\fr_MA\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\he_IL\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\hu_HU\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\it_IT\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ja_JP\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ko_KR\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\nb_NO\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\nl_NL\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\pl_PL\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\pt_BR\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ru_RU\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\sk_SK\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\sl_SI\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\sv_SE\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\tr_TR\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\uk_UA\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\zh_CN\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\zh_TW\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Locale\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Locale\en_US\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\resources\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\resources\ui\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\resources\ui\font\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\resources\ui\font\ie\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\resources\ui\font\regular\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\AcroForm\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\AcroForm\PMP\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Annotations\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Annotations\Stamps\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Annotations\Stamps\ENU\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Multimedia\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Multimedia\MPP\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins3d\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins3d\prc\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Sequences\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Sequences\ENU\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\UIThemes\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\__VERSION__\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\__VERSION__\private\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\appmeasurement\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\appmeasurement\prod\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\appmeasurement\stage\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\fonts\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\OWP\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\OWP\default\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\OWP\default\css\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\OWP\default\fonts\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\OWP\default\images\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\OWP\default\js\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\app\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\app\dev\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\app\dev\cef\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\app\dev\libs\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\core\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\core\dev\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\core\dev\cef\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\core\dev\libs\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\files\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\files\dev\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\files\dev\cef\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\files\dev\libs\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\file_types\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\file_types\hi_contrast\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\file_types\themes\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\file_types\themes\dark\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\hi_contrast\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\themes\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\themes\dark\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\win-scrollbar\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\win-scrollbar\themes\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\win-scrollbar\themes\dark\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\win8-scrollbar\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\win8-scrollbar\themes\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\win8-scrollbar\themes\dark\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\ar-ae\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\ca-es\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\cs-cz\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\da-dk\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\de-de\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\en-ae\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\en-gb\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\en-il\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\es-es\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\eu-es\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\fi-fi\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\fr-fr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\fr-ma\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\he-il\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\hr-hr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\hu-hu\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\it-it\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\ja-jp\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\ko-kr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\nb-no\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\nl-nl\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\pl-pl\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\pt-br\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\ro-ro\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\root\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\ru-ru\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\sk-sk\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\sl-si\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\sl-sl\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\sv-se\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\tr-tr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\uk-ua\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\zh-cn\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\zh-tw\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app-api\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app-api\dev\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\ar-ae\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\ca-es\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\cs-cz\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\da-dk\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\de-de\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\en-ae\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\en-gb\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\en-il\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\es-es\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\eu-es\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\fi-fi\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\fr-fr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\fr-ma\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\he-il\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\hr-hr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\hu-hu\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\it-it\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\ja-jp\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\ko-kr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\nb-no\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\nl-nl\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\pl-pl\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\pt-br\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\ro-ro\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\root\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\ru-ru\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\sk-sk\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\sl-si\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\sl-sl\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\sv-se\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\tr-tr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\uk-ua\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\zh-cn\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\zh-tw\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\ar-ae\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\ca-es\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\cs-cz\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\da-dk\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\de-de\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\en-ae\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\en-gb\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\en-il\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\es-es\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\eu-es\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\fi-fi\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\fr-fr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\fr-ma\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\he-il\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\hr-hr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\hu-hu\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\it-it\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\ja-jp\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\ko-kr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\nb-no\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\nl-nl\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\pl-pl\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\pt-br\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\ro-ro\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\root\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\ru-ru\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\sk-sk\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\sl-si\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\sl-sl\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\sv-se\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\tr-tr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\uk-ua\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\zh-cn\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\zh-tw\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\libs\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\libs\jquery.ui.touch-punch\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\libs\jquery.ui.touch-punch\0.2.2\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\libs\microsoftGraph\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\libs\require\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\libs\require\2.1.15\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\misc\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\css\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\images\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ar-ae\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ca-es\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\cs-cz\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\da-dk\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\de-de\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\en-ae\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\en-gb\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\en-il\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\es-es\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\eu-es\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fi-fi\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fr-fr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fr-ma\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\he-il\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\hr-hr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\hu-hu\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\it-it\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ja-jp\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ko-kr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\nb-no\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\nl-nl\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\pl-pl\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\pt-br\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ro-ro\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\root\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ru-ru\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sk-sk\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sl-si\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sl-sl\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sv-se\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\tr-tr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\uk-ua\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\zh-cn\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\zh-tw\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\css\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\images\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\images\themes\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\ar-ae\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\ca-es\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\cs-cz\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\da-dk\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\de-de\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\en-ae\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\en-gb\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\en-il\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\es-es\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\eu-es\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\fi-fi\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\fr-fr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\fr-ma\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\he-il\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\hr-hr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\hu-hu\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\it-it\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\ja-jp\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\ko-kr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\nb-no\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\nl-nl\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\pl-pl\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\pt-br\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\ro-ro\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\root\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\ru-ru\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\sk-sk\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\sl-si\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\sl-sl\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\sv-se\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\tr-tr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\uk-ua\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\zh-cn\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\nls\zh-tw\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account-select\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account-select\css\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account-select\js\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\css\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\images\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\images\themeless_Reader\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\images\themes\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\images\themes\dark\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\da-dk\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\de-de\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\en-gb\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\es-es\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\fi-fi\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\fr-fr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\it-it\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\ja-jp\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\nb-no\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\nl-nl\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\pt-br\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\root\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\nls\sv-se\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\selection-action-plugins\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\selection-action-plugins\ccpdf\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\selection-action-plugins\cpdf\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\selection-action-plugins\epdf\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\css\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\images\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\images\themeless\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\ar-ae\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\ca-es\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\cs-cz\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\da-dk\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\de-de\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\en-ae\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\en-gb\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\en-il\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\es-es\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\eu-es\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\fi-fi\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\fr-fr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\fr-ma\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\he-il\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\hr-hr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\hu-hu\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\it-it\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\ja-jp\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\ko-kr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\nb-no\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\nl-nl\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\pl-pl\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\pt-br\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\ro-ro\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\root\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\ru-ru\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\sk-sk\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\sl-si\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\sl-sl\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\sv-se\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\tr-tr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\uk-ua\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\zh-cn\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\nls\zh-tw\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\collect_feedback\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\collect_feedback\css\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\collect_feedback\js\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\css\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\images\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\images\themes\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\images\themes\dark\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\ar-ae\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\ca-es\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\cs-cz\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\da-dk\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\de-de\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\en-ae\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\en-gb\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\en-il\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\es-es\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\eu-es\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\fi-fi\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\fr-fr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\fr-ma\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\he-il\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\hr-hr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\hu-hu\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\it-it\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\ja-jp\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\ko-kr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\nb-no\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\nl-nl\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\pl-pl\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\pt-br\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\ro-ro\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\root\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\ru-ru\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\sk-sk\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\sl-si\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\sl-sl\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\sv-se\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\tr-tr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\uk-ua\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\zh-cn\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\zh-tw\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\plugins\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\plugins\rhp\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\css\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\ar-ae\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\ca-es\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\cs-cz\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\da-dk\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\de-de\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\en-ae\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\en-gb\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\en-il\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\es-es\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\eu-es\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\fi-fi\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\fr-fr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\fr-ma\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\he-il\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\hr-hr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\hu-hu\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\it-it\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\ja-jp\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\ko-kr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\nb-no\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\nl-nl\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\pl-pl\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\pt-br\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\ro-ro\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\root\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\ru-ru\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\sk-sk\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\sl-si\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\sl-sl\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\sv-se\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\tr-tr\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\uk-ua\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\zh-cn\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\zh-tw\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\plugins\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\plugins\rhp\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\dc-annotations\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\dc-annotations\css\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\dc-annotations\js\_desktop.iniJump to behavior
        Source: Binary string: C:\work\p4\splinters\Splinters\S\BuildResults\bin\Win32\ReaderRelease\FullTrustNotifier\FullTrustNotifier.pdb77.GCTL source: 1.exe, 00000000.00000003.2100872044.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: D:\DCB\CBT_Main\BuildResults\bin\Win32\Release\armsvc.pdb source: 1.exe, 00000000.00000003.2288712461.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe.0.dr
        Source: Binary string: NisSrv.pdb source: 1.exe, 00000000.00000002.4451156723.00000000021C2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcrobatInfo.pdb source: 1.exe, 00000000.00000003.2072167354.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: D:\T\BuildResults\bin\Release_x64\TextExtractor.pdb444 source: 1.exe, 00000000.00000003.2072838492.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: D:\T\BuildResults\bin\Release_x64\TextExtractor.pdb source: 1.exe, 00000000.00000003.2072838492.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: ADelRCP_Exec.pdb source: 1.exe, 00000000.00000003.2073003378.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcroCEF\AcroCEF.pdbI source: 1.exe, 00000000.00000003.2086159442.0000000004060000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: plugin-container.pdb source: 1.exe, 00000000.00000003.2243476720.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: crashreporter.pdb source: 1.exe, 00000000.00000003.2236451239.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: D:\T\BuildResults\bin\Release_x64\plug_ins\pi_brokers\MSRMSPIBroker.pdbAAAGCTL source: 1.exe, 00000000.00000003.2099967561.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: D:\T\Acrobat\Installers\ShowAppPickerForPDF\Release_x64\ShowAppPickerForPDF.pdb source: 1.exe, 00000000.00000003.2085825576.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\tnameserv_objs\tnameserv.pdb source: tnameserv.exe.0.dr
        Source: Binary string: D:\T\BuildResults\bin\Release_x64\WCChromeNativeMessagingHost.pdb888 source: 1.exe, 00000000.00000003.2091866454.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcrobatExe.pdb source: 1.exe, 00000000.00000003.2069214748.0000000004060000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: Acrobat_SL.pdb((( source: 1.exe, 00000000.00000003.2072329052.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: C:\b\s\w\ir\cache\builder\src\out\Release_x64\initialexe\chrome.exe.pdb source: 1.exe, 00000000.00000003.2199695779.00000000042BC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: GoogleCrashHandler64_unsigned.pdb source: 1.exe, 00000000.00000003.2303685427.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, GoogleCrashHandler64.exe.0.dr
        Source: Binary string: D:\T\BuildResults\bin\Release_x64\AdobeCollabSync.pdb# source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: pingsender.pdb source: 1.exe, 00000000.00000003.2243142876.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: d:\dbs\el\omr\target\x64\ship\click2run\x-none\IntegratedOffice.pdb0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000S source: 1.exe, 00000000.00000003.2225154341.0000000004060000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: C:\Data\svn\autoit\branch_3.3.16\bin\Aut2Exe\Aut2Exe.pdb source: 1.exe, 00000000.00000003.2270489248.0000000004060000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: E:\jenkins\workspace\NGL_WORKFLOW\build\master\win64\Release\Acrobat\project\win\ngl-workflow\x64\Release (Acrobat)\adobe_licensing_wf_acro.pdbT source: 1.exe, 00000000.00000003.2094191005.0000000004060000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: ADelRCP_Exec.pdbCC9 source: 1.exe, 00000000.00000003.2073003378.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: D:\DCB\CBT_Main\BuildResults\bin\Win32\Release\AdobeARMHelper.pdb source: 1.exe, 00000000.00000003.2287533320.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcroBroker.pdb source: 1.exe, 00000000.00000003.2072470333.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: 1.exe, 00000000.00000002.4451156723.00000000021C2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: d:\dbs\el\omr\target\x86\ship\click2run\x-none\Integrator.pdb source: 1.exe, 00000000.00000002.4451156723.0000000002495000.00000004.00000020.00020000.00000000.sdmp, integrator.exe.0.dr
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\unpackexe\unpack200.pdb00 source: unpack200.exe.0.dr
        Source: Binary string: private_browsing.pdb source: 1.exe, 00000000.00000003.2244245625.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: Acrobat_SL.pdb source: 1.exe, 00000000.00000003.2072329052.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\java_objs\java.pdb source: 1.exe, 00000000.00000003.2299846343.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: GoogleCrashHandler_unsigned.pdb source: 1.exe, 00000000.00000003.2302768967.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: d:\dbs\el\omr\target\x86\ship\click2run\x-none\Integrator.pdb0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000S source: 1.exe, 00000000.00000002.4451156723.0000000002495000.00000004.00000020.00020000.00000000.sdmp, integrator.exe.0.dr
        Source: Binary string: C:\workspace\CR-Windows-x64-Client-Builder\x64\Release\CRWindowsClientService.pdbGG source: 1.exe, 00000000.00000003.2083949774.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: VSTOInstaller.pdb source: 1.exe, 00000000.00000003.2299284398.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, VSTOInstaller.exe.0.dr
        Source: Binary string: C:\b\s\w\ir\cache\builder\src\out\Release_x64\elevation_service.exe.pdb source: 1.exe, 00000000.00000003.2209901402.0000000004071000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcrobatInfo.pdb))) source: 1.exe, 00000000.00000003.2072167354.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: 64BitMAPIBroker.pdb source: 1.exe, 00000000.00000003.2099466968.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: maintenanceservice.pdb source: 1.exe, 00000000.00000003.2240207923.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: C:\Users\jim\Desktop\metro research\ApplicationID\Release\ApplicationID.pdb source: 1.exe, 00000000.00000003.2246792271.00000000040B4000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: firefox.pdb source: 1.exe, 00000000.00000003.2238708126.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: E:\jenkins\workspace\NGL_WORKFLOW\build\master\win64\Release\Acrobat\project\win\ngl-workflow\x64\Release (Acrobat)\adobe_licensing_wf_helper_acro.pdb source: 1.exe, 00000000.00000003.2097585988.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: D:\T\Acrobat\Installers\ADNotificationManager\Viewer Release_x64\ADNotificationManager.pdb source: 1.exe, 00000000.00000003.2073322688.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: D:\T\BuildResults\bin\Release_x64\WCChromeNativeMessagingHost.pdb source: 1.exe, 00000000.00000003.2091866454.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: firefox.pdbP source: 1.exe, 00000000.00000003.2238708126.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: C:\agent\_work\8\s\build\ship\x86\burn.pdb source: 1.exe, 00000000.00000002.4451156723.00000000021C2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: GoogleUpdate_unsigned.pdb source: 1.exe, 00000000.00000003.2304800992.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: C:\b\s\w\ir\cache\builder\src\out\Release_x64\setup.exe.pdb source: 1.exe, 00000000.00000003.2215777859.0000000004071000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: private_browsing.pdbp source: 1.exe, 00000000.00000003.2244245625.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: C:\work\p4\splinters\Splinters\S\BuildResults\bin\Win32\ReaderRelease\FullTrustNotifier\FullTrustNotifier.pdb source: 1.exe, 00000000.00000003.2100872044.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: D:\T\BuildResults\bin\Release\Plug_ins\pi_brokers\32BitMAPIBroker.pdb@@ source: 1.exe, 00000000.00000003.2099192699.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: C:\workspace\CR-Windows-x64-Client-Builder\x64\Release\CRWindowsClientService.pdb source: 1.exe, 00000000.00000003.2083949774.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: d:\dbs\el\omr\target\x86\ship\setupexe\x-none\LicLua.pdb source: 1.exe, 00000000.00000003.2296957210.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: d:\dbs\el\omr\target\x64\ship\click2run\x-none\IntegratedOffice.pdb source: 1.exe, 00000000.00000003.2225154341.0000000004060000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: C:\b\s\w\ir\cache\builder\src\out\Release_x64\chrome_pwa_launcher.exe.pdb source: 1.exe, 00000000.00000003.2207469171.0000000004071000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\tnameserv_objs\tnameserv.pdb source: tnameserv.exe.0.dr
        Source: Binary string: D:\T\BuildResults\bin\Release_x64\plug_ins\pi_brokers\MSRMSPIBroker.pdb source: 1.exe, 00000000.00000003.2099967561.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: maintenanceservice.pdb` source: 1.exe, 00000000.00000003.2240207923.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: D:\T\Acrobat\Installers\ShowAppPickerForPDF\Release_x64\ShowAppPickerForPDF.pdb$$ source: 1.exe, 00000000.00000003.2085825576.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: D:\T\BuildResults\bin\Release\AcrobatExe.pdb source: 1.exe, 00000000.00000003.2190991302.0000000004060000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: D:\DCB\CBT_Main\BuildResults\bin\Win32\Release\AdobeARMHelper.pdbr source: 1.exe, 00000000.00000003.2287533320.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: D:\T\BuildResults\bin\Release_x64\Eula.pdb source: 1.exe, 00000000.00000003.2084471694.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: GoogleCrashHandler64_unsigned.pdbl source: 1.exe, 00000000.00000003.2303685427.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, GoogleCrashHandler64.exe.0.dr
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\deploy\jre-image\bin\javaws.pdb8 source: 1.exe, 00000000.00000003.2301308090.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: GoogleCrashHandler_unsigned.pdbp source: 1.exe, 00000000.00000003.2302768967.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: C:\workspace\CR-Windows-x64-Client-Builder\CRLogTransport\public\binary\Win\x64\Release\CRLogTransport.pdb source: 1.exe, 00000000.00000003.2083187341.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: D:\workspace\RT_Win_8_2\Mainline\public\binary\Win\x64\Release\LogTransport2.pdbTTNGCTL source: 1.exe, 00000000.00000003.2084739962.0000000004060000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: minidump-analyzer.pdb source: 1.exe, 00000000.00000003.2241462892.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: C:\b\s\w\ir\cache\builder\src\out\Release_x64\chrome_proxy.exe.pdb source: 1.exe, 00000000.00000003.2205445463.0000000004060000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\orbd_objs\orbd.pdb source: orbd.exe.0.dr
        Source: Binary string: d:\dbs\el\omr\target\x86\ship\setupexe\x-none\LicLua.pdb000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000S source: 1.exe, 00000000.00000003.2296957210.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: E:\jenkins\workspace\NGL_WORKFLOW\build\master\win64\Release\Acrobat\project\win\ngl-workflow\x64\Release (Acrobat)\adobe_licensing_wf_acro.pdb source: 1.exe, 00000000.00000003.2094191005.0000000004060000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: C:\Data\svn\autoit\branch_3.3.16\bin\Aut2Exe\Aut2Exe_x64.pdb source: 1.exe, 00000000.00000003.2274244679.0000000004060000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: C:\b\s\w\ir\cache\builder\src\out\Release_x64\notification_helper.exe.pdb source: 1.exe, 00000000.00000003.2212956369.0000000004071000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcroBroker.pdbTTT source: 1.exe, 00000000.00000003.2072470333.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: NisSrv.pdbGCTL source: 1.exe, 00000000.00000002.4451156723.00000000021C2000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\T\Acrobat\Installers\ADNotificationManager\Viewer Release_x64\ADNotificationManager.pdb22 source: 1.exe, 00000000.00000003.2073322688.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: C:\Data\svn\autoit\branch_3.3.16\bin\SciTE\SciTE.pdb source: 1.exe, 00000000.00000003.2282074477.0000000004060000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\orbd_objs\orbd.pdb source: orbd.exe.0.dr
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\unpackexe\unpack200.pdb source: unpack200.exe.0.dr
        Source: Binary string: default-browser-agent.pdb source: 1.exe, 00000000.00000003.2237302809.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: updater.pdb source: 1.exe, 00000000.00000003.2244536391.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: D:\T\BuildResults\bin\Release\Plug_ins\pi_brokers\32BitMAPIBroker.pdb source: 1.exe, 00000000.00000003.2099192699.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: D:\T\BuildResults\bin\Release_x64\AdobeCollabSync.pdb source: 1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\javaw_objs\javaw.pdb source: 1.exe, 00000000.00000003.2300597090.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\deploy\jre-image\bin\javaws.pdb source: 1.exe, 00000000.00000003.2301308090.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: D:\T\BuildResults\bin\Release_x64\AcroCEF\AcroCEF.pdb source: 1.exe, 00000000.00000003.2086159442.0000000004060000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: D:\T\BuildResults\bin\Release_x64\Eula.pdb888 source: 1.exe, 00000000.00000003.2084471694.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: C:\mozilla-source\mozilla-central\other-licenses\nsis\Contrib\HttpPostFile\Release\HttpPostFile.pdb source: 1.exe, 00000000.00000003.2246792271.0000000004137000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: C:\workspace\CR-Windows-x64-Client-Builder\CRLogTransport\public\binary\Win\x64\Release\CRLogTransport.pdbQ source: 1.exe, 00000000.00000003.2083187341.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp
        Source: Binary string: D:\workspace\RT_Win_8_2\Mainline\public\binary\Win\x64\Release\LogTransport2.pdb source: 1.exe, 00000000.00000003.2084739962.0000000004060000.00000004.00001000.00020000.00000000.sdmp
        Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00406A18 LoadLibraryA,GetProcAddress,FreeLibrary,0_2_00406A18
        Source: initial sampleStatic PE information: section where entry point is pointing to: .rsrc
        Source: 1.exeStatic PE information: section name: .Upack
        Source: rundl132.exe.0.drStatic PE information: section name: .Upack
        Source: AppSharingHookController64.exe.0.drStatic PE information: section name: .Upack
        Source: Dll.dll.0.drStatic PE information: section name: .petite
        Source: Dll.dll.0.drStatic PE information: section name:
        Source: Dll.dll.0.drStatic PE information: section name:
        Source: Dll.dll.0.drStatic PE information: section name:
        Source: SQLDumper.exe.0.drStatic PE information: section name: .Upack
        Source: Uninstall.exe.0.drStatic PE information: section name: .Upack
        Source: maintenanceservice.exe.0.drStatic PE information: section name: .Upack
        Source: jusched.exe.0.drStatic PE information: section name: .Upack
        Source: jucheck.exe.0.drStatic PE information: section name: .Upack
        Source: jaureg.exe.0.drStatic PE information: section name: .Upack
        Source: armsvc.exe.0.drStatic PE information: section name: .Upack
        Source: AdobeARMHelper.exe.0.drStatic PE information: section name: .Upack
        Source: VSTOInstaller.exe.0.drStatic PE information: section name: .Upack
        Source: javaws.exe.0.drStatic PE information: section name: .Upack
        Source: javaw.exe.0.drStatic PE information: section name: .Upack
        Source: java.exe.0.drStatic PE information: section name: .Upack
        Source: GoogleCrashHandler64.exe.0.drStatic PE information: section name: .Upack
        Source: GoogleCrashHandler.exe.0.drStatic PE information: section name: .Upack
        Source: GoogleUpdateOnDemand.exe.0.drStatic PE information: section name: .Upack
        Source: GoogleUpdateCore.exe.0.drStatic PE information: section name: .Upack
        Source: GoogleUpdateComRegisterShell64.exe.0.drStatic PE information: section name: .Upack
        Source: GoogleUpdateBroker.exe.0.drStatic PE information: section name: .Upack
        Source: GoogleUpdate.exe.0.drStatic PE information: section name: .Upack
        Source: java.exe0.0.drStatic PE information: section name: .Upack
        Source: java-rmi.exe.0.drStatic PE information: section name: .Upack
        Source: jabswitch.exe.0.drStatic PE information: section name: .Upack
        Source: javaws.exe0.0.drStatic PE information: section name: .Upack
        Source: javaw.exe0.0.drStatic PE information: section name: .Upack
        Source: javacpl.exe.0.drStatic PE information: section name: .Upack
        Source: rmiregistry.exe.0.drStatic PE information: section name: .Upack
        Source: pack200.exe.0.drStatic PE information: section name: .Upack
        Source: orbd.exe.0.drStatic PE information: section name: .Upack
        Source: ktab.exe.0.drStatic PE information: section name: .Upack
        Source: klist.exe.0.drStatic PE information: section name: .Upack
        Source: kinit.exe.0.drStatic PE information: section name: .Upack
        Source: keytool.exe.0.drStatic PE information: section name: .Upack
        Source: jp2launcher.exe.0.drStatic PE information: section name: .Upack
        Source: jjs.exe.0.drStatic PE information: section name: .Upack
        Source: rmid.exe.0.drStatic PE information: section name: .Upack
        Source: policytool.exe.0.drStatic PE information: section name: .Upack
        Source: unpack200.exe.0.drStatic PE information: section name: .Upack
        Source: tnameserv.exe.0.drStatic PE information: section name: .Upack
        Source: ssvagent.exe.0.drStatic PE information: section name: .Upack
        Source: servertool.exe.0.drStatic PE information: section name: .Upack
        Source: integrator.exe.0.drStatic PE information: section name: .Upack
        Source: MSOHTMED.EXE.0.drStatic PE information: section name: .Upack
        Source: LICLUA.EXE.0.drStatic PE information: section name: .Upack
        Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0040507C push 00405188h; ret 0_2_00405180
        Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0040502C push 00405058h; ret 0_2_00405050
        Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0040403C push 0040408Dh; ret 0_2_00404085
        Source: C:\Users\user\Desktop\1.exeCode function: 0_2_004078F4 push 00407920h; ret 0_2_00407918
        Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0040792C push 00407958h; ret 0_2_00407950
        Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0040426C push 00404298h; ret 0_2_00404290
        Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00407AD4 push 00407B20h; ret 0_2_00407B18
        Source: C:\Users\user\Desktop\1.exeCode function: 0_2_004042A4 push 004042D0h; ret 0_2_004042C8
        Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00404B50 push 00404B7Ch; ret 0_2_00404B74
        Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00407BEC push 00407C18h; ret 0_2_00407C10
        Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00406BA4 push 00406BD0h; ret 0_2_00406BC8
        Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00404BAE push 00404BDCh; ret 0_2_00404BD4
        Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00404BB0 push 00404BDCh; ret 0_2_00404BD4
        Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00405C44 push 00405C70h; ret 0_2_00405C68
        Source: C:\Users\user\Desktop\1.exeCode function: 0_2_004054E4 push 00405510h; ret 0_2_00405508
        Source: C:\Users\user\Desktop\1.exeCode function: 0_2_004054AC push 004054D8h; ret 0_2_004054D0
        Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0040552A push 00405558h; ret 0_2_00405550
        Source: C:\Users\user\Desktop\1.exeCode function: 0_2_0040552C push 00405558h; ret 0_2_00405550
        Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00404E75 push 00404EC8h; ret 0_2_00404EC0
        Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00404E7C push 00404EC8h; ret 0_2_00404EC0
        Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00404608 push 00404634h; ret 0_2_0040462C
        Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00404ECA push 00404F2Fh; ret 0_2_00404F27
        Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00404ECC push 00404F2Fh; ret 0_2_00404F27
        Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00406E98 push 00406EC4h; ret 0_2_00406EBC
        Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00404F29 push 00404F2Fh; ret 0_2_00404F27
        Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00404FF4 push 00405020h; ret 0_2_00405018
        Source: C:\Users\user\Desktop\1.exeCode function: 0_2_004067A4 push 004067E6h; ret 0_2_004067DE
        Source: C:\Users\user\Desktop\1.exeCode function: 0_2_004057AA push 004057D8h; ret 0_2_004057D0
        Source: C:\Users\user\Desktop\1.exeCode function: 0_2_004057AC push 004057D8h; ret 0_2_004057D0
        Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00412CE0 push 00412D39h; ret 0_2_00412D31
        Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00412CDE push 00412D39h; ret 0_2_00412D31
        Source: 1.exeStatic PE information: section name: .rsrc entropy: 7.883969322730811
        Source: rundl132.exe.0.drStatic PE information: section name: .rsrc entropy: 7.883969322730811
        Source: AppSharingHookController64.exe.0.drStatic PE information: section name: .rsrc entropy: 7.883969322730811
        Source: Dll.dll.0.drStatic PE information: section name: .petite entropy: 7.8822889544063
        Source: SQLDumper.exe.0.drStatic PE information: section name: .rsrc entropy: 7.883969322730811
        Source: Uninstall.exe.0.drStatic PE information: section name: .rsrc entropy: 7.857432355462329
        Source: maintenanceservice.exe.0.drStatic PE information: section name: .rsrc entropy: 7.883969322730811
        Source: jusched.exe.0.drStatic PE information: section name: .rsrc entropy: 7.890784772459498
        Source: jucheck.exe.0.drStatic PE information: section name: .rsrc entropy: 7.86796165586835
        Source: jaureg.exe.0.drStatic PE information: section name: .rsrc entropy: 7.878304669434353
        Source: armsvc.exe.0.drStatic PE information: section name: .rsrc entropy: 7.880507599121225
        Source: AdobeARMHelper.exe.0.drStatic PE information: section name: .rsrc entropy: 7.9570525738931766
        Source: VSTOInstaller.exe.0.drStatic PE information: section name: .rsrc entropy: 7.883969322730811
        Source: javaws.exe.0.drStatic PE information: section name: .rsrc entropy: 7.86796165586835
        Source: javaw.exe.0.drStatic PE information: section name: .rsrc entropy: 7.86796165586835
        Source: java.exe.0.drStatic PE information: section name: .rsrc entropy: 7.86796165586835
        Source: GoogleCrashHandler64.exe.0.drStatic PE information: section name: .rsrc entropy: 7.883969322730811
        Source: GoogleCrashHandler.exe.0.drStatic PE information: section name: .rsrc entropy: 7.892629602364019
        Source: GoogleUpdateOnDemand.exe.0.drStatic PE information: section name: .rsrc entropy: 7.892629602364019
        Source: GoogleUpdateCore.exe.0.drStatic PE information: section name: .rsrc entropy: 7.892629602364019
        Source: GoogleUpdateComRegisterShell64.exe.0.drStatic PE information: section name: .rsrc entropy: 7.883969322730811
        Source: GoogleUpdateBroker.exe.0.drStatic PE information: section name: .rsrc entropy: 7.892629602364019
        Source: GoogleUpdate.exe.0.drStatic PE information: section name: .rsrc entropy: 7.892629602364019
        Source: java.exe0.0.drStatic PE information: section name: .rsrc entropy: 7.86796165586835
        Source: java-rmi.exe.0.drStatic PE information: section name: .rsrc entropy: 7.883969322730811
        Source: jabswitch.exe.0.drStatic PE information: section name: .rsrc entropy: 7.883969322730811
        Source: javaws.exe0.0.drStatic PE information: section name: .rsrc entropy: 7.86796165586835
        Source: javaw.exe0.0.drStatic PE information: section name: .rsrc entropy: 7.86796165586835
        Source: javacpl.exe.0.drStatic PE information: section name: .rsrc entropy: 7.86796165586835
        Source: rmiregistry.exe.0.drStatic PE information: section name: .rsrc entropy: 7.883969322730811
        Source: pack200.exe.0.drStatic PE information: section name: .rsrc entropy: 7.883969322730811
        Source: orbd.exe.0.drStatic PE information: section name: .rsrc entropy: 7.883969322730811
        Source: ktab.exe.0.drStatic PE information: section name: .rsrc entropy: 7.883969322730811
        Source: klist.exe.0.drStatic PE information: section name: .rsrc entropy: 7.883969322730811
        Source: kinit.exe.0.drStatic PE information: section name: .rsrc entropy: 7.883969322730811
        Source: keytool.exe.0.drStatic PE information: section name: .rsrc entropy: 7.883969322730811
        Source: jp2launcher.exe.0.drStatic PE information: section name: .rsrc entropy: 7.883969322730811
        Source: jjs.exe.0.drStatic PE information: section name: .rsrc entropy: 7.883969322730811
        Source: rmid.exe.0.drStatic PE information: section name: .rsrc entropy: 7.883969322730811
        Source: policytool.exe.0.drStatic PE information: section name: .rsrc entropy: 7.883969322730811
        Source: unpack200.exe.0.drStatic PE information: section name: .rsrc entropy: 7.883969322730811
        Source: tnameserv.exe.0.drStatic PE information: section name: .rsrc entropy: 7.883969322730811
        Source: ssvagent.exe.0.drStatic PE information: section name: .rsrc entropy: 7.883969322730811
        Source: servertool.exe.0.drStatic PE information: section name: .rsrc entropy: 7.883969322730811
        Source: integrator.exe.0.drStatic PE information: section name: .rsrc entropy: 7.883969322730811
        Source: MSOHTMED.EXE.0.drStatic PE information: section name: .rsrc entropy: 7.883969322730811
        Source: LICLUA.EXE.0.drStatic PE information: section name: .rsrc entropy: 7.959227025520099

        Persistence and Installation Behavior

        barindex
        Drops executable to a common third party application directory
        Source: C:\Users\user\Desktop\1.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\LogTransport2.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ShowAppPickerForPDF.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\32BitMAPIBroker.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\64BitMAPIBroker.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\MSRMSPIBroker.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeFile written: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeJump to behavior
        Infects executable files (exe, dll, sys, html)
        Source: C:\Users\user\Desktop\1.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_acro.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeSystem file written: C:\Program Files\7-Zip\7zFM.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\32BitMAPIBroker.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ShowAppPickerForPDF.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\LogTransport2.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeSystem file written: C:\Program Files\7-Zip\7z.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeSystem file written: C:\Program Files\7-Zip\Uninstall.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\adobe_licensing_wf_helper_acro.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\64BitMAPIBroker.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeSystem file written: C:\Program Files\7-Zip\7zG.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\MSRMSPIBroker.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeSystem file written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exeJump to behavior
        Source: C:\Users\user\Desktop\1.exeFile created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\unpack200.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeFile created: C:\Windows\rundl132.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeFile created: C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeFile created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\servertool.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeFile created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\MSOHTMED.EXEJump to dropped file
        Source: C:\Users\user\Desktop\1.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\pack200.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeFile created: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\jjs.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\rmid.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\kinit.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeFile created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\orbd.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\klist.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeFile created: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\policytool.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeFile created: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\tnameserv.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeFile created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\AppSharingHookController64.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeFile created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeFile created: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\rmiregistry.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeFile created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeFile created: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXEJump to dropped file
        Source: C:\Users\user\Desktop\1.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\ktab.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeFile created: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeFile created: C:\Program Files (x86)\Java\jre-1.8\bin\keytool.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeFile created: C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeFile created: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeFile created: C:\Windows\Dll.dllJump to dropped file
        Source: C:\Users\user\Desktop\1.exeFile created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeFile created: C:\Windows\rundl132.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeFile created: C:\Windows\Dll.dllJump to dropped file

        Boot Survival

        barindex
        Creates an undocumented autostart registry key
        Source: C:\Users\user\Desktop\1.exeKey value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows loadJump to behavior
        Source: C:\Users\user\Desktop\1.exeProcess created: C:\Windows\SysWOW64\net.exe net stop "Kingsoft AntiVirus Service"

        Hooking and other Techniques for Hiding and Protection

        barindex
        Creates files in the recycle bin to hide itself
        Source: C:\Users\user\Desktop\1.exeFile created: C:\$Recycle.Bin\_desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\1.exeWindow / User API: threadDelayed 1961Jump to behavior
        Source: C:\Users\user\Desktop\1.exeWindow / User API: threadDelayed 7490Jump to behavior
        Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 879Jump to behavior
        Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 873Jump to behavior
        Source: C:\Users\user\Desktop\1.exeDropped PE file which has not been started: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\unpack200.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeDropped PE file which has not been started: C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\servertool.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\MSOHTMED.EXEJump to dropped file
        Source: C:\Users\user\Desktop\1.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\pack200.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeDropped PE file which has not been started: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\jjs.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\rmid.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\kinit.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeDropped PE file which has not been started: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\java.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\orbd.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\klist.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeDropped PE file which has not been started: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\policytool.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeDropped PE file which has not been started: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\tnameserv.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\AppSharingHookController64.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeDropped PE file which has not been started: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeDropped PE file which has not been started: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeDropped PE file which has not been started: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\rmiregistry.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeDropped PE file which has not been started: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXEJump to dropped file
        Source: C:\Users\user\Desktop\1.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\ktab.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeDropped PE file which has not been started: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeDropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\keytool.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeDropped PE file which has not been started: C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeDropped PE file which has not been started: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exeJump to dropped file
        Source: C:\Users\user\Desktop\1.exeDropped PE file which has not been started: C:\Windows\Dll.dllJump to dropped file
        Source: C:\Users\user\Desktop\1.exeEvasive API call chain: GetLocalTime,DecisionNodesgraph_0-6539
        Source: C:\Users\user\Desktop\1.exe TID: 1868Thread sleep time: -30000s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\1.exe TID: 1868Thread sleep time: -196100s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\1.exe TID: 1868Thread sleep time: -749000s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\1.exeLast function: Thread delayed
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00404A80 FindFirstFileA,FindClose,FileTimeToLocalFileTime,FileTimeToDosDateTime,0_2_00404A80
        Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00404A7E FindFirstFileA,FindClose,FileTimeToLocalFileTime,FileTimeToDosDateTime,0_2_00404A7E
        Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00412274 FindFirstFileA,FindNextFileA,FindFirstFileA,FindNextFileA,FindFirstFileA,Sleep,FindNextFileA,0_2_00412274
        Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00412270 FindFirstFileA,FindNextFileA,FindFirstFileA,FindNextFileA,FindFirstFileA,Sleep,FindNextFileA,0_2_00412270
        Source: C:\Users\user\Desktop\1.exeThread delayed: delay time: 30000Jump to behavior
        Source: explorer.exe, 00000008.00000000.2032781472.00000000076F8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}99105f770555d7dd
        Source: explorer.exe, 00000008.00000003.3097392066.0000000009BE3000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b},
        Source: explorer.exe, 00000008.00000000.2035366718.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4467406438.0000000009AF9000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW0r
        Source: explorer.exe, 00000008.00000003.3097392066.0000000009BE3000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
        Source: explorer.exe, 00000008.00000000.2035366718.0000000009B41000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: NXTcaVMWare
        Source: explorer.exe, 00000008.00000003.3097392066.0000000009BE3000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
        Source: explorer.exe, 00000008.00000000.2035366718.0000000009B41000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000%
        Source: explorer.exe, 00000008.00000000.2031787683.0000000003530000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware, Inc.
        Source: 1.exe, 00000000.00000003.2190991302.0000000004060000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: \Adobe\AdobeGCClient"\Adobe\AdobeGCClient\AGCInvokerUtility.exe\AGCInvokerUtility.exe --appID= --appVersion= --appProfileScope= --appPath=x-request-idROOT\CIMV2SELECT * FROM Win32_ComputerSystemWQLHypervisorPresentManufacturerModelVMwareVirtualBoxXenQEMUGoogleVirtualOpenStackSELECT * FROM Win32_ComputerSystemProductUUIDEC2lFnIsWow64Process2 not availablex64ARM64UnknownPROCESSOR_LEVELPROCESSOR_REVISION\\.\PhysicalDrive0%ProgramW6432%\Common FilesAdobe
        Source: explorer.exe, 00000008.00000003.3097392066.0000000009BE3000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware SATA CD00
        Source: explorer.exe, 00000008.00000000.2031787683.0000000003530000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware-42 27 d9 2e dc 89 72 dX
        Source: explorer.exe, 00000008.00000000.2031002716.0000000000F13000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000A
        Source: explorer.exe, 00000008.00000000.2032781472.00000000076F8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}^
        Source: explorer.exe, 00000008.00000002.4467406438.0000000009B2C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2035366718.0000000009B2C000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
        Source: 1.exe, 00000000.00000002.4448360463.0000000000480000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWh
        Source: explorer.exe, 00000008.00000000.2031787683.0000000003530000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware, Inc.NoneVMware-42 27 d9 2e dc 89 72 dX
        Source: explorer.exe, 00000008.00000000.2031787683.0000000003530000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware,p
        Source: explorer.exe, 00000008.00000003.3097392066.0000000009BE3000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000_
        Source: 1.exe, 00000000.00000002.4448360463.0000000000480000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllmswsock.dll
        Source: explorer.exe, 00000008.00000000.2031002716.0000000000F13000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
        Source: explorer.exe, 00000008.00000000.2035366718.0000000009B41000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
        Source: explorer.exe, 00000008.00000002.4459812498.000000000769A000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
        Source: C:\Users\user\Desktop\1.exeAPI call chain: ExitProcess graph end nodegraph_0-6387
        Source: C:\Users\user\Desktop\1.exeProcess information queried: ProcessInformationJump to behavior
        Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00406A18 LoadLibraryA,GetProcAddress,FreeLibrary,0_2_00406A18

        HIPS / PFW / Operating System Protection Evasion

        barindex
        Allocates memory in foreign processes
        Source: C:\Users\user\Desktop\1.exeMemory allocated: C:\Windows\explorer.exe base: 1230000 protect: page execute and read and writeJump to behavior
        Source: C:\Users\user\Desktop\1.exeMemory allocated: C:\Windows\explorer.exe base: 1240000 protect: page read and writeJump to behavior
        Injects code into the Windows Explorer (explorer.exe)
        Source: C:\Users\user\Desktop\1.exeMemory written: PID: 1028 base: 1240000 value: 43Jump to behavior
        Source: C:\Users\user\Desktop\1.exeMemory written: PID: 1028 base: 1230000 value: B8Jump to behavior
        Writes to foreign memory regions
        Source: C:\Users\user\Desktop\1.exeMemory written: C:\Windows\explorer.exe base: 1240000Jump to behavior
        Source: C:\Users\user\Desktop\1.exeMemory written: C:\Windows\explorer.exe base: 1230000Jump to behavior
        Source: C:\Windows\SysWOW64\net.exeProcess created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"Jump to behavior
        Source: C:\Windows\SysWOW64\net.exeProcess created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"Jump to behavior
        Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00410494 LookupAccountNameA,GetSidIdentifierAuthority,GetSidSubAuthorityCount,GetSidSubAuthority,AllocateAndInitializeSid,AllocateAndInitializeSid,0_2_00410494
        Source: 1.exe, 00000000.00000003.2267949785.0000000004138000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
        Source: explorer.exe, 00000008.00000002.4470629782.0000000009BE4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3792018335.0000000009BE3000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3096212506.0000000009B7A000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd=
        Source: explorer.exe, 00000008.00000000.2031428214.0000000001731000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000008.00000002.4449273187.0000000001731000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Program Manager
        Source: explorer.exe, 00000008.00000000.2032483601.0000000004B00000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2031428214.0000000001731000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000008.00000002.4449273187.0000000001731000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
        Source: explorer.exe, 00000008.00000000.2031428214.0000000001731000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000008.00000002.4449273187.0000000001731000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
        Source: 1.exe, 00000000.00000003.2282074477.0000000004060000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: Ctrl+RightLeftDownUpDecimalMinusMultiplyDivideTabSpaceDeleteEscapeEndInsertEnterHomeForwardBackwardPLAT_WIN1PageDownPageUpMenuWinSciTEACCELSSciTEWindowContentSciTEWindowPLAT_WINNT1toolbar.largecreate.hidden.consolegbkbig5euc-krshift_jisutf-8asciilatin2latin1translation.encodingwindows-1251ScaleFactoriso-8859-5cyrillic1250iso8859-11SciTE_HOMEAppsUseLightThemeSciTE_USERHOMESciTE_HOMEPropertiesScaleFactorSoftware\Microsoft\Windows\CurrentVersion\Themes\PersonalizeEmbeddedRich Text FormatButtonShell_TrayWndUSERPROFILESciTE_HOMEHtmlHelpWHHCTRL.OCX
        Source: 1.exe, 00000000.00000003.2069214748.0000000004060000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: REINSTALLMODE=omus DISABLE_FIU_CHECK=1 IGNOREAAM=1 REPAIRFROMAPP=1 INSTALLUWPAPP=1 IS_COEX_REPAIR=1 /qn/qb REINSTALLMODE=omus DISABLE_FIU_CHECK=1 IGNOREAAM=1 REPAIRFROMAPP=1 BROADCASTCEFRELOAD=1 \/0\*cef_*/qn CLEANUP_CEFFOLDER=1 DISABLE_FIU_CHECK=1 /i msiexec.exe/i ADD_ALL_DICT=1 REINSTALL=AdobeCommonLinguistics SKIP_WEBRCS_REINSTALL=1 SKIP_CEF_KILL=1 /qn.msiexec.exe/i ADDLOCAL=OptionalFeatures,DistillerCJKNative,DistillerCJKSupport,PaperCaptureOptional,PreFlightPlugin DISABLE_FIU_CHECK=1 TRANSITION_INSTALL_MODE=4 SKIP_WEBRCS_REINSTALL=1 SKIP_CEF_KILL=1 /qn\msiexec.exeSoftware\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\OpenWithList\MRUListAcrobat.exeMRUListAppDoNotTakePDFOwnershipAtLaunch\\\AppDoNotTakePDFOwnershipAtLaunchWin10DisableOwnershipPrompt.pdf.pdfxml.acrobatsecuritysettings.fdf.xfdf.xdp.pdx.api.secstore.sequ.rmf.bpdxAdobe Acrobat XI ProRtlGetVersionntdll.dll\??\UNC\\\?\UNC\\Device\Mup\\Device\LanmanRedirector\\Device\WebDavRedirector\\Device\WinDfs\\Device\NetWareRedirector\\Device\nwrdr\RtlGetVersionntdll.dllAdobe Systems, IncorporatedAdobe Inc.Adobe Systems Incorporated1.3.6.1.4.1.311.2.1.121.3.6.1.4.1.311.2.1.121.3.6.1.4.1.311.2.1.121.2.840.113549.1.9.61.3.6.1.4.1.311.3.3.1kernel32IsWow64ProcessSystem\CurrentControlSet\Control\CitrixProductVersionNumSoftware\Adobe\Acrobat\ExeSoftware\Microsoft\Windows\CurrentVersion\Policies\SystemEnableLUA/RegisterFileTypesOwnership /PRODUCT:Acrobat /VERSION:12.0 /FixPDF 3305580Click on 'Change' to select default PDF handler.pdf Properties#32770Click on 'Change' to select default PDF handler Properties#32770/\Click on 'Change' to select default PDF handler#32770ADelRCP.exepropertiesClick on 'Change' to select default PDF handler.pdfShowAppPickerForPDF.exeProgram ManagerPROGMANApplicationClick on 'Change' to select default PDF handler.pdf Properties#32770Click on 'Change' to select default PDF handler Properties#3277012Click on 'Change' to select default PDF handler#32770Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice.0Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice\InstallerSoftware\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdfSOFTWARE\Adobe\Acrobat Reader\12{A6EADE66-0000-0000-484E-7E8A45000000}{AC76BA86-0000-0000-7761-7E8A45000000}SOFTWARE\Adobe\Adobe Acrobat\{AC76BA86-0000-0000-7760-7E8A45000000}SOFTWARE\Adobe\Adobe Acrobat\{AC76BA86-0000-0000-BA7E-7E8A45000000}SOFTWARE\Adobe\Adobe Acrobat\VersionMajorVersionMinorVersionStringInstalledProductNameAdobe AcrobatreaderSOFTWARE\Wow6432Node\Adobe\Acrobat Reader\.0SOFTWARE\Wow6432Node\Adobe\Adobe Acrobat\SOFTWARE\Adobe\Acrobat Reader\SOFTWARE\Adobe\Adobe Acrobat\PATHVersionMajorVersionMinor7760-BA7E-7AD7-VersionStringInstalledProductNameAdobe AcrobatreaderDCSOFTWARE\Wow6432Node\Adobe\Acrobat Reader\\InstallerSOFTWARE\Wow6432Node\Adobe\Adobe Acrobat\SOFTWARE\Adobe\Acrobat Reader\SOFTWARE\Adobe\Adobe Acrobat\ENU_GUIDPATHInstallLocationAcrobat.Document.DC.pdf{AC76BA86-0000-00
        Source: explorer.exe, 00000008.00000000.2031428214.0000000001731000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000008.00000002.4449273187.0000000001731000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
        Source: explorer.exe, 00000008.00000000.2031002716.0000000000EF0000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4446753251.0000000000EF0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: PProgman
        Source: 1.exe, 00000000.00000003.2190991302.0000000004060000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: {A6EADE66-0000-0000-484E-7E8A45000000}SOFTWARE\Adobe\Acrobat Reader\{AC76BA86-0000-0000-7761-7E8A45000000}SOFTWARE\Adobe\Adobe Acrobat\SOFTWARE\Adobe\Adobe Acrobat\{AC76BA86-0000-0000-7760-7E8A45000000}{AC76BA86-0000-0000-BA7E-7E8A45000000}SOFTWARE\Adobe\Adobe Acrobat\VersionMajorVersionMinor12VersionStringInstalledProductNameAdobe AcrobatreaderSOFTWARE\Wow6432Node\Adobe\Acrobat Reader\SOFTWARE\Wow6432Node\Adobe\Adobe Acrobat\SOFTWARE\Adobe\Acrobat Reader\SOFTWARE\Adobe\Adobe Acrobat\.0\InstallerPATHVersionMajorVersionMinor1207760-BA7E-7AD7-VersionStringInstalledProductNameAdobe AcrobatreaderSOFTWARE\Wow6432Node\Adobe\Acrobat Reader\SOFTWARE\Wow6432Node\Adobe\Adobe Acrobat\SOFTWARE\Adobe\Acrobat Reader\SOFTWARE\Adobe\Adobe Acrobat\.0DC\InstallerENU_GUIDPATHInstallLocationAcrobat.Document.DC.pdf{AC76BA86-0000-0000-7760-7E8A45000000}TrunkBetaDCVersionMajorSOFTWARE\Google\Chrome\SOFTWARE\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkajSOFTWARE\Google\Chrome\NativeMessagingHosts\com.adobe.acrobat.chrome_webcapturehttps://clients2.google.com/service/update2/crxupdate_urlBrowser\WCChromeExtn\manifest.jsonSOFTWARE\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkajAcrobat.Document.SOFTWARE\Google\Chrome\NativeMessagingHosts\Acrobat.Document.11.pdfcom.adobe.acrobat.chrome_webcaptureSOFTWARE\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj.VersionMajor{AC76BA86-0000-0000-7760-7E8A45000000}SOFTWARE\Adobe\Adobe Acrobat\DC\InstallerLowerCoExVersionCoExRepairDone\RDCNotificationAppx\ADCNotificationAppx\NotificationAppxSOFTWARE\Adobe\Adobe Acrobat\\DC\SOFTWARE\Adobe\Adobe Acrobat\\DC\Installer\AppVersionAppVersionSOFTWARE\Microsoft\Windows NT\CurrentVersionReleaseId/i msiexec.exe REINSTALLMODE=omus DISABLE_FIU_CHECK=1 IGNOREAAM=1 REPAIRFROMAPP=1 INSTALLUWPAPP=1 IS_COEX_REPAIR=1 /qnBROADCASTCEFRELOAD=1 REINSTALLMODE=omus DISABLE_FIU_CHECK=1 IGNOREAAM=1 REPAIRFROMAPP=1 /qb\/\*cef_* CLEANUP_CEFFOLDER=1 DISABLE_FIU_CHECK=1 /qn/i msiexec.exe ADD_ALL_DICT=1 REINSTALL=AdobeCommonLinguistics SKIP_WEBRCS_REINSTALL=1 SKIP_CEF_KILL=1 /qn/i msiexec.exe ADDLOCAL=OptionalFeatures,DistillerCJKNative,DistillerCJKSupport,PaperCaptureOptional,PreFlightPlugin DISABLE_FIU_CHECK=1 TRANSITION_INSTALL_MODE=4 SKIP_WEBRCS_REINSTALL=1 SKIP_CEF_KILL=1 /qn/i msiexec.exeAppDoNotTakePDFOwnershipAtLaunchSoftware\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\OpenWithListMRUListAcrobat.exeMRUListAppDoNotTakePDFOwnershipAtLaunchWin10DisableOwnershipPrompt.pdf.pdfxml.acrobatsecuritysettings.fdf.xfdf.xdp.pdx.api.secstore.sequ.rmf.bpdxAdobe Acrobat XI ProRtlGetVersionntdll.dll\??\UNC\\\\\?\UNC\\Device\Mup\\Device\LanmanRedirector\\Device\WebDavRedirector\\Device\WinDfs\\Device\NetWareRedirector\\Device\nwrdr\RtlGetVersionntdll.dllAdobe Systems, IncorporatedAdobe Inc.Adobe Systems Incorporated1.3.6.1.4.1.311.2.1.121.3.6.1.4.1.311.2.1.121.3.6.1.4.1.311.2.1.121.2.840.113549.1.9.61.3.6.1.4.1.311.3.3.1kernel32IsWow64ProcessSystem\CurrentControlSet\Control\CitrixProdu
        Source: C:\Windows\System32\notepad.exeQueries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_desktop.ini VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00408E18 GetACP,ReadFile,GlobalAlloc,ReadFile,CloseHandle,FindCloseChangeNotification,Sleep,Sleep,GetLocalTime,CreateThread,Sleep,CreateThread,CreateThread,Sleep,TranslateMessage,DispatchMessageA,Sleep,0_2_00408E18
        Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00410494 LookupAccountNameA,GetSidIdentifierAuthority,GetSidSubAuthorityCount,GetSidSubAuthority,AllocateAndInitializeSid,AllocateAndInitializeSid,0_2_00410494
        Source: C:\Users\user\Desktop\1.exeCode function: 0_2_00404091 GetCommandLineA,GetVersion,GetVersion,GetThreadLocale,GetThreadLocale,GetCurrentThreadId,0_2_00404091

        Lowering of HIPS / PFW / Operating System Security Settings

        barindex
        Disables security and backup related services
        Source: C:\Users\user\Desktop\1.exeProcess created: C:\Windows\SysWOW64\net.exe net stop "Kingsoft AntiVirus Service"
        Source: C:\Users\user\Desktop\1.exeProcess created: C:\Windows\SysWOW64\net.exe net stop "Kingsoft AntiVirus Service"
        Source: C:\Users\user\Desktop\1.exeProcess created: C:\Windows\SysWOW64\net.exe net stop "Kingsoft AntiVirus Service"
        Source: C:\Users\user\Desktop\1.exeProcess created: C:\Windows\SysWOW64\net.exe net stop "Kingsoft AntiVirus Service"
        Source: C:\Users\user\Desktop\1.exeProcess created: C:\Windows\SysWOW64\net.exe net stop "Kingsoft AntiVirus Service"
        Source: C:\Users\user\Desktop\1.exeProcess created: C:\Windows\SysWOW64\net.exe net stop "Kingsoft AntiVirus Service"
        Source: C:\Users\user\Desktop\1.exeProcess created: C:\Windows\SysWOW64\net.exe net stop "Kingsoft AntiVirus Service"
        Source: C:\Users\user\Desktop\1.exeProcess created: C:\Windows\SysWOW64\net.exe net stop "Kingsoft AntiVirus Service"
        Source: C:\Users\user\Desktop\1.exeProcess created: C:\Windows\SysWOW64\net.exe net stop "Kingsoft AntiVirus Service"
        Source: C:\Users\user\Desktop\1.exeProcess created: C:\Windows\SysWOW64\net.exe net stop "Kingsoft AntiVirus Service"
        Source: C:\Users\user\Desktop\1.exeProcess created: C:\Windows\SysWOW64\net.exe net stop "Kingsoft AntiVirus Service"
        Source: C:\Users\user\Desktop\1.exeProcess created: C:\Windows\SysWOW64\net.exe net stop "Kingsoft AntiVirus Service"
        Source: C:\Users\user\Desktop\1.exeProcess created: C:\Windows\SysWOW64\net.exe net stop "Kingsoft AntiVirus Service"
        Source: C:\Users\user\Desktop\1.exeProcess created: C:\Windows\SysWOW64\net.exe net stop "Kingsoft AntiVirus Service"
        Source: C:\Users\user\Desktop\1.exeProcess created: C:\Windows\SysWOW64\net.exe net stop "Kingsoft AntiVirus Service"
        Source: C:\Users\user\Desktop\1.exeProcess created: C:\Windows\SysWOW64\net.exe net stop "Kingsoft AntiVirus Service"
        Source: C:\Users\user\Desktop\1.exeProcess created: C:\Windows\SysWOW64\net.exe net stop "Kingsoft AntiVirus Service"
        Source: C:\Users\user\Desktop\1.exeProcess created: C:\Windows\SysWOW64\net.exe net stop "Kingsoft AntiVirus Service"
        Source: C:\Users\user\Desktop\1.exeProcess created: C:\Windows\SysWOW64\net.exe net stop "Kingsoft AntiVirus Service"
        Source: C:\Users\user\Desktop\1.exeProcess created: C:\Windows\SysWOW64\net.exe net stop "Kingsoft AntiVirus Service"
        Source: C:\Users\user\Desktop\1.exeProcess created: C:\Windows\SysWOW64\net.exe net stop "Kingsoft AntiVirus Service"
        Source: C:\Users\user\Desktop\1.exeProcess created: C:\Windows\SysWOW64\net.exe net stop "Kingsoft AntiVirus Service"
        Source: C:\Users\user\Desktop\1.exeProcess created: C:\Windows\SysWOW64\net.exe net stop "Kingsoft AntiVirus Service"Jump to behavior
        Source: C:\Users\user\Desktop\1.exeProcess created: C:\Windows\SysWOW64\net.exe net stop "Kingsoft AntiVirus Service"Jump to behavior
        Source: C:\Users\user\Desktop\1.exeProcess created: C:\Windows\SysWOW64\net.exe net stop "Kingsoft AntiVirus Service"Jump to behavior
        Source: C:\Users\user\Desktop\1.exeProcess created: C:\Windows\SysWOW64\net.exe net stop "Kingsoft AntiVirus Service"Jump to behavior
        Source: C:\Users\user\Desktop\1.exeProcess created: C:\Windows\SysWOW64\net.exe net stop "Kingsoft AntiVirus Service"Jump to behavior
        Source: C:\Users\user\Desktop\1.exeProcess created: C:\Windows\SysWOW64\net.exe net stop "Kingsoft AntiVirus Service"Jump to behavior
        Source: C:\Users\user\Desktop\1.exeProcess created: C:\Windows\SysWOW64\net.exe net stop "Kingsoft AntiVirus Service"Jump to behavior
        Source: C:\Users\user\Desktop\1.exeProcess created: C:\Windows\SysWOW64\net.exe net stop "Kingsoft AntiVirus Service"Jump to behavior
        Source: C:\Users\user\Desktop\1.exeProcess created: C:\Windows\SysWOW64\net.exe net stop "Kingsoft AntiVirus Service"Jump to behavior
        Source: C:\Users\user\Desktop\1.exeProcess created: C:\Windows\SysWOW64\net.exe net stop "Kingsoft AntiVirus Service"Jump to behavior
        Source: C:\Users\user\Desktop\1.exeProcess created: C:\Windows\SysWOW64\net.exe net stop "Kingsoft AntiVirus Service"Jump to behavior
        Source: C:\Users\user\Desktop\1.exeProcess created: C:\Windows\SysWOW64\net.exe net stop "Kingsoft AntiVirus Service"Jump to behavior
        Source: C:\Users\user\Desktop\1.exeProcess created: C:\Windows\SysWOW64\net.exe net stop "Kingsoft AntiVirus Service"Jump to behavior
        Source: C:\Users\user\Desktop\1.exeProcess created: C:\Windows\SysWOW64\net.exe net stop "Kingsoft AntiVirus Service"Jump to behavior
        Source: C:\Users\user\Desktop\1.exeProcess created: C:\Windows\SysWOW64\net.exe net stop "Kingsoft AntiVirus Service"Jump to behavior
        Source: C:\Users\user\Desktop\1.exeProcess created: C:\Windows\SysWOW64\net.exe net stop "Kingsoft AntiVirus Service"Jump to behavior
        Source: C:\Users\user\Desktop\1.exeProcess created: C:\Windows\SysWOW64\net.exe net stop "Kingsoft AntiVirus Service"Jump to behavior
        Source: C:\Users\user\Desktop\1.exeProcess created: C:\Windows\SysWOW64\net.exe net stop "Kingsoft AntiVirus Service"Jump to behavior
        Source: C:\Users\user\Desktop\1.exeProcess created: C:\Windows\SysWOW64\net.exe net stop "Kingsoft AntiVirus Service"Jump to behavior
        Source: C:\Users\user\Desktop\1.exeProcess created: C:\Windows\SysWOW64\net.exe net stop "Kingsoft AntiVirus Service"Jump to behavior
        Source: C:\Users\user\Desktop\1.exeProcess created: C:\Windows\SysWOW64\net.exe net stop "Kingsoft AntiVirus Service"Jump to behavior
        Source: C:\Users\user\Desktop\1.exeProcess created: C:\Windows\SysWOW64\net.exe net stop "Kingsoft AntiVirus Service"Jump to behavior
        Source: 1.exe, 00000000.00000003.2084739962.0000000004060000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: D:\workspace\RT_Win_8_2\Mainline\Headlights\LogTransport\main\Application\source\xplat\Uploader.cpp
        Source: 1.exe, 00000000.00000003.2084739962.0000000004060000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: <AdobeIP#0000682>D:\workspace\RT_Win_8_2\Mainline\Headlights\LogTransport\main\Application\source\xplat\LogTransportDriver.cppLogTransUtils::GetUserLogFullPath emptysUsrConfigemptysSonarEmptysPersonGuid emptyGet Sonar from server, Sonar: %0a%0d\-110SOFTWARE\Policies\Adobe\APIPHLSOFTWARE\Policies\Adobe\APIPCCenabledActiveKillHibernateoptstateGet config Response Headers:]:[imsnakilloptoutOptstate doesn't have a valid value, will retryPIIP server is not available to fetch user's optstate right now, will retryKill switch enabled from receiver, deleting all the highbeam logs created on this machineOptstate is Opt out, deleting logsOptstate is Opt in, will upload logsGet Config from server, config: .xml.rdy.tmpprocessFiles failureGetSonarFile failedGetConfigFile failedLog upload failed and Going to sleepMove Low Right Logs...\Adobe\LogTransport2CC\Logs\].] to [Moving file [Commandline Arguments: ] = argv[Get Resource Locker failNo person GUID passed in, will exit.Anonymous user logs will be sent to headlights receiversSigned in user logs will be sent to highbeam receiversGet user data failInstaller kill switch is enabled!, ulogstatus=, url=, retryinterval=, maxretries=: maxdiskspace=Local configTry to send logsTry to send pre-release logs only as status is killcfInfo.msUlogStatus != LOGTRANSPORTLIB_ACTIVEException happensHouse keepingException happens in HouseKeeping------return in main------LogTranpsport received signal to shut downMemory allocation fails!tlog.log, File size is more than the thresholdDeleting log file Upload started for Upload succeeded for Exception: In Upload fileMaxTransportRetriesMessageSendIntervalBaseUrlMaxOfflineStoreSizeHousekeepingDiscardSessionsCrashDetectionTimeMaxNetworkRetryIntervalNo real time data available in offline db nowdeque<T> too longAdobe\LogTransport2CCAdobe\RTTransfer\Logs\Adobe\RTTransfer\sonar_policy.xml\RTTransfer.configABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/Open registry with key: with key: Query registry value with key: Create registry entry with key: Set registry value
        Source: 1.exe, 00000000.00000003.2084739962.0000000004060000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: LogTransportClose HTTP connection!D:\workspace\RT_Win_8_2\Mainline\Headlights\LogTransport\main\Application\source\xplat\Uploader.cpp
        Source: 1.exe, 00000000.00000003.2267949785.0000000004138000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte
        Source: 1.exe, 00000000.00000003.2084739962.0000000004060000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: D:\workspace\RT_Win_8_2\Mainline\public\binary\Win\x64\Release\LogTransport2.pdbTTNGCTL
        Source: 1.exe, 00000000.00000003.2084739962.0000000004060000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: D:\workspace\RT_Win_8_2\Mainline\Headlights\LogTransport\main\Application\source\xplat\LogTransportDriver.cpp
        Source: 1.exe, 00000000.00000003.2084739962.0000000004060000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: D:\workspace\RT_Win_8_2\Mainline\public\binary\Win\x64\Release\LogTransport2.pdb

        Remote Access Functionality

        barindex
        Yara detected Hancitor
        Source: Yara matchFile source: Process Memory Space: 1.exe PID: 4324, type: MEMORYSTR

        Mitre Att&ck Matrix

        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
        Gather Victim Identity InformationAcquire Infrastructure1
        Replication Through Removable Media        		1
        Service Execution        		1
        Windows Service        		1
        Windows Service        		123
        Masquerading        		11
        Input Capture        		1
        System Time Discovery        		1
        Taint Shared Content        		11
        Input Capture        		Data ObfuscationExfiltration Over Other Network MediumAbuse Accessibility Features
        CredentialsDomainsDefault Accounts2
        Native API        		1
        Registry Run Keys / Startup Folder        		312
        Process Injection        		1
        Disable or Modify Tools        		LSASS Memory11
        Security Software Discovery        		Remote Desktop ProtocolData from Removable MediaJunk DataExfiltration Over BluetoothNetwork Denial of Service
        Email AddressesDNS ServerDomain AccountsAt1
        DLL Side-Loading        		1
        Registry Run Keys / Startup Folder        		11
        Virtualization/Sandbox Evasion        		Security Account Manager11
        Virtualization/Sandbox Evasion        		SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
        Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
        DLL Side-Loading        		312
        Process Injection        		NTDS3
        Process Discovery        		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
        Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
        Hidden Files and Directories        		LSA Secrets1
        Application Window Discovery        		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
        Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts2
        Obfuscated Files or Information        		Cached Domain Credentials11
        Peripheral Device Discovery        		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
        DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
        Software Packing        		DCSync1
        Account Discovery        		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
        Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
        DLL Side-Loading        		Proc Filesystem1
        System Owner/User Discovery        		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
        Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAtHTML Smuggling/etc/passwd and /etc/shadow3
        File and Directory Discovery        		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
        IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCronDynamic API ResolutionNetwork Sniffing13
        System Information Discovery        		Shared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Is Windows Process
        • Number of created Registry Values
        • Number of created Files
        • Visual Basic
        • Delphi
        • Java
        • .Net C# or VB.NET
        • C, C++ or other language
        • Is malicious
        • Internet
        behaviorgraph top1 signatures2 2 Behavior Graph ID: 1430913 Sample: 1.exe Startdate: 24/04/2024 Architecture: WINDOWS Score: 100 42 Snort IDS alert for network traffic 2->42 44 Antivirus detection for URL or domain 2->44 46 Antivirus detection for dropped file 2->46 48 8 other signatures 2->48 7 1.exe 1 1001 2->7         started        process3 dnsIp4 36 192.168.2.100 unknown unknown 7->36 38 192.168.2.101 unknown unknown 7->38 40 98 other IPs or domains 7->40 28 C:\Windows\rundl132.exe, PE32 7->28 dropped 30 C:\Windows\Dll.dll, PE32 7->30 dropped 32 C:\ProgramData\Microsoft\...\integrator.exe, PE32 7->32 dropped 34 44 other malicious files 7->34 dropped 50 Creates files in the recycle bin to hide itself 7->50 52 Creates an undocumented autostart registry key 7->52 54 Injects code into the Windows Explorer (explorer.exe) 7->54 56 5 other signatures 7->56 12 net.exe 1 7->12         started        14 net.exe 1 7->14         started        16 explorer.exe 100 5 7->16 injected file5 signatures6 process7 process8 18 conhost.exe 12->18         started        20 net1.exe 1 12->20         started        22 conhost.exe 14->22         started        24 net1.exe 1 14->24         started        26 notepad.exe 5 16->26         started       

        Screenshots

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


        windows-stand

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        SourceDetectionScannerLabelLink
        1.exe87%VirustotalBrowse
        1.exe100%AviraW32/Viking.BD.Upk
        1.exe100%Joe Sandbox ML

        Dropped Files

        SourceDetectionScannerLabelLink
        C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe100%AviraW32/Viking.BD.Upk
        C:\Program Files (x86)\Java\jre-1.8\bin\orbd.exe100%AviraW32/Viking.BD.Upk
        C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe100%AviraW32/Viking.BD.Upk
        C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe100%AviraW32/Viking.BD.Upk
        C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe100%AviraW32/Viking.BD.Upk
        C:\Program Files (x86)\Java\jre-1.8\bin\klist.exe100%AviraW32/Viking.BD.Upk
        C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exe100%AviraW32/Viking.BD.Upk
        C:\Program Files (x86)\Java\jre-1.8\bin\kinit.exe100%AviraW32/Viking.BD.Upk
        C:\Program Files (x86)\Java\jre-1.8\bin\keytool.exe100%AviraW32/Viking.BD.Upk
        C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe100%AviraW32/Viking.BD.Upk
        C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe100%AviraW32/Viking.BD.Upk
        C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe100%AviraW32/Viking.BD.Upk
        C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe100%AviraW32/Viking.BD.Upk
        C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe100%AviraW32/Viking.BD.Upk
        C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe100%AviraW32/Viking.BD.Upk
        C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe100%AviraW32/Viking.BD.Upk
        C:\Program Files (x86)\Java\jre-1.8\bin\jjs.exe100%AviraW32/Viking.BD.Upk
        C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe100%AviraW32/Viking.BD.Upk
        C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe100%AviraW32/Viking.BD.Upk
        C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe100%AviraW32/Viking.BD.Upk
        C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe100%AviraW32/Viking.BD.Upk
        C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe100%AviraW32/Viking.BD.Upk
        C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exe100%AviraW32/Viking.BD.Upk
        C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe100%AviraW32/Viking.BD.Upk
        C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe100%AviraW32/Viking.BD.Upk
        C:\Program Files (x86)\Java\jre-1.8\bin\pack200.exe100%AviraW32/Viking.BD.Upk
        C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE100%AviraW32/Viking.BD.Upk
        C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exe100%AviraW32/Viking.BD.Upk
        C:\Program Files (x86)\Java\jre-1.8\bin\ktab.exe100%AviraW32/Viking.BD.Upk
        C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe100%AviraW32/Viking.BD.Upk
        C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe100%AviraW32/Viking.BD.Upk
        C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe100%Joe Sandbox ML
        C:\Program Files (x86)\Java\jre-1.8\bin\orbd.exe100%Joe Sandbox ML
        C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe100%Joe Sandbox ML
        C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe100%Joe Sandbox ML
        C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe100%Joe Sandbox ML
        C:\Program Files (x86)\Java\jre-1.8\bin\klist.exe100%Joe Sandbox ML
        C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exe100%Joe Sandbox ML
        C:\Program Files (x86)\Java\jre-1.8\bin\kinit.exe100%Joe Sandbox ML
        C:\Program Files (x86)\Java\jre-1.8\bin\keytool.exe100%Joe Sandbox ML
        C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe100%Joe Sandbox ML
        C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe100%Joe Sandbox ML
        C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe100%Joe Sandbox ML
        C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe100%Joe Sandbox ML
        C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe100%Joe Sandbox ML
        C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe100%Joe Sandbox ML
        C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe100%Joe Sandbox ML
        C:\Program Files (x86)\Java\jre-1.8\bin\jjs.exe100%Joe Sandbox ML
        C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe100%Joe Sandbox ML
        C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe100%Joe Sandbox ML
        C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe100%Joe Sandbox ML
        C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe100%Joe Sandbox ML
        C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe100%Joe Sandbox ML
        C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exe100%Joe Sandbox ML
        C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe100%Joe Sandbox ML
        C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe100%Joe Sandbox ML
        C:\Program Files (x86)\Java\jre-1.8\bin\pack200.exe100%Joe Sandbox ML
        C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE100%Joe Sandbox ML
        C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exe100%Joe Sandbox ML
        C:\Program Files (x86)\Java\jre-1.8\bin\ktab.exe100%Joe Sandbox ML
        C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe100%Joe Sandbox ML
        C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe100%Joe Sandbox ML
        C:\Windows\Dll.dll87%ReversingLabsWin32.Worm.Viking
        C:\Windows\rundl132.exe97%ReversingLabsWin32.Worm.Viking

        Unpacked PE Files

        No Antivirus matches

        Domains

        No Antivirus matches

        URLs

        SourceDetectionScannerLabelLink
        https://word.office.comon0%URL Reputationsafe
        https://powerpoint.office.comcember0%URL Reputationsafe
        https://powerpoint.office.comcember0%URL Reputationsafe
        http://schemas.micro0%URL Reputationsafe
        https://unitedstates4.ss.wd.microsoft.us/0%URL Reputationsafe
        https://mozilla.org0/0%URL Reputationsafe
        https://unitedstates1.ss.wd.microsoft.us/0%URL Reputationsafe
        http://appsyndication.org/2006/appsynapplicationapuputil.cppupgradeexclusivetrueenclosuredigestalgor0%URL Reputationsafe
        http://java.sun.com0%URL Reputationsafe
        https://scss.adobesc.comhttps://scss.adobesc.comhttps://scss.adobesc.com0%Avira URL Cloudsafe
        https://unitedstates2.ss.wd.microsoft.us/0%URL Reputationsafe
        http://crl.v0%URL Reputationsafe
        https://support.mozilla.orgPublisherUninstallString0%Avira URL Cloudsafe
        http://www.activestate.comHolger0%Avira URL Cloudsafe
        https://scss.adobesc.cominvalidAnnotIdList0%Avira URL Cloudsafe
        https://crbug.com/820996LaunchElevatedProcessdisable-best-effort-tasksdisable-breakpaddisable-featur0%Avira URL Cloudsafe
        https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload0%Avira URL Cloudsafe
        https://crbug.com/820996LaunchElevatedProcessdisable-best-effort-tasksdisable-breakpaddisable-featur0%VirustotalBrowse
        https://crbug.com/8209960%VirustotalBrowse
        http://www.baanboard.comBrendon0%Avira URL Cloudsafe
        https://crbug.com/820996LaunchElevatedProcessXML0%Avira URL Cloudsafe
        https://crbug.com/8209960%Avira URL Cloudsafe
        https://scss.adobesc.comreasoncom.adobe.review.sdk0%Avira URL Cloudsafe
        https://www.smartsharesystems.com/0%Avira URL Cloudsafe
        https://scss.adobesc.com0%Avira URL Cloudsafe
        https://scss.adobesc.com00%Avira URL Cloudsafe
        http://www.develop.com0%Avira URL Cloudsafe
        https://scss.adobesc.comAcroCoreSyncSharedReviewLoggingEnabledAcrobat_DesktopUserhttps://comments.ad0%Avira URL Cloudsafe
        https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Pref/StateMachinehttps://PrefSyncJob/com0%Avira URL Cloudsafe
        http://www.spaceblue.com0%Avira URL Cloudsafe
        https://crbug.com/820996LaunchElevatedProcessXML0%VirustotalBrowse
        https://www.smartsharesystems.com/0%VirustotalBrowse
        http://www.develop.com0%VirustotalBrowse
        https://scss.adobesc.comemptyAnnotations0%Avira URL Cloudsafe
        http://www.baanboard.com0%Avira URL Cloudsafe
        http://www.develop.comDeepak0%Avira URL Cloudsafe
        http://es5.github.io/#x15.4.4.210%Avira URL Cloudsafe
        https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/RFList0%Avira URL Cloudsafe
        http://www.spaceblue.com0%VirustotalBrowse
        https://scss.adobesc.com0%VirustotalBrowse
        https://scss.adobesc.comK0%Avira URL Cloudsafe
        http://www.rftp.comJosiah0%Avira URL Cloudsafe
        http://www.baanboard.com1%VirustotalBrowse
        https://scss.adobesc.comcommandNameAdd_AnnotsDelete_AnnotsUpdate_AnnotsEurekaReviewFetchReviewUpdate0%Avira URL Cloudsafe
        https://lifecycleapp.operationlifecycle.shutdownlifecycle.startuptimer.starttimertimer.stoppedtimer.0%Avira URL Cloudsafe
        http://java.sun.comnot0%Avira URL Cloudsafe
        http://www.spaceblue.comMathias0%Avira URL Cloudsafe
        http://127.0.0.1:13556/InsiderSlabBehaviorReportedStateInsiderSlabBehaviorInsiderSlabBehaviorReporte0%Avira URL Cloudsafe
        http://es5.github.io/#x15.4.4.210%VirustotalBrowse
        https://www.smartsharesystems.com/Morten0%Avira URL Cloudsafe
        https://scss.adobesc.comReadStatus0%Avira URL Cloudsafe
        https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Pref/StateMachine0%Avira URL Cloudsafe
        http://258ip.com/down/update1.exehttp://258ip.com/down/update2.exehttp://258ip.com/down/update3.exeh100%Avira URL Cloudmalware
        http://127.0.0.1:13556/InsiderSlabBehaviorReportedBuildInsiderSlabBehaviorInsiderSlabBehaviorReporte0%Avira URL Cloudsafe
        http://127.0.0.1:13556/InsiderSlabBehaviorReportedStateInsiderSlabBehaviorInsiderSlabBehaviorReporte1%VirustotalBrowse
        https://www.smartsharesystems.com/Morten0%VirustotalBrowse
        http://127.0.0.1:13556/InsiderSlabBehaviorReportedBuildInsiderSlabBehaviorInsiderSlabBehaviorReporte0%VirustotalBrowse
        http://258ip.com/down/update1.exehttp://258ip.com/down/update2.exehttp://258ip.com/down/update3.exeh3%VirustotalBrowse

        Domains and IPs

        Contacted Domains

        No contacted domains info

        URLs from Memory and Binaries

        NameSourceMaliciousAntivirus DetectionReputation
        https://word.office.comonexplorer.exe, 00000008.00000000.2035366718.00000000099C0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4467406438.00000000099C0000.00000004.00000001.00020000.00000000.sdmpfalse
        • URL Reputation: safe
        		unknown
        https://developer.mozilla.org/en/docs/Web/JavaScript/Reference/Global_Objects/String/endsWith1.exe, 00000000.00000003.2294377748.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2291219135.0000000004060000.00000004.00001000.00020000.00000000.sdmpfalse
          		high
          https://crbug.com/820996LaunchElevatedProcessdisable-best-effort-tasksdisable-breakpaddisable-featur1.exe, 00000000.00000003.2069214748.0000000004060000.00000004.00001000.00020000.00000000.sdmpfalse
          • 0%, Virustotal, Browse
          • Avira URL Cloud: safe
          		unknown
          https://support.mozilla.orgPublisherUninstallString1.exe, 00000000.00000003.2246792271.0000000004060000.00000004.00001000.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://www.scintilla.org/scite.rng1.exe, 00000000.00000003.2282074477.0000000004060000.00000004.00001000.00020000.00000000.sdmpfalse
            		high
            https://crashpad.chromium.org/bug/new1.exe, 00000000.00000003.2215777859.0000000004071000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2199695779.00000000042BC000.00000004.00001000.00020000.00000000.sdmpfalse
              		high
              https://scss.adobesc.comhttps://scss.adobesc.comhttps://scss.adobesc.com1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://www.activestate.comHolger1.exe, 00000000.00000003.2282074477.0000000004060000.00000004.00001000.00020000.00000000.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://powerpoint.office.comcemberexplorer.exe, 00000008.00000000.2037794492.000000000C460000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4475814466.000000000C460000.00000004.00000001.00020000.00000000.sdmpfalse
              • URL Reputation: safe
              • URL Reputation: safe
              		unknown
              https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed8811.exe, 00000000.00000003.2238708126.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpfalse
                		high
                https://scss.adobesc.cominvalidAnnotIdList1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                http://stackoverflow.com/a/15123777)1.exe, 00000000.00000003.2294377748.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2291219135.0000000004060000.00000004.00001000.00020000.00000000.sdmpfalse
                  		high
                  http://www.computerhope.com/forum/index.php?topic=76293.01.exe, 00000000.00000003.2294377748.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2291219135.0000000004060000.00000004.00001000.00020000.00000000.sdmpfalse
                    		high
                    https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		low
                    https://excel.office.comexplorer.exe, 00000008.00000002.4470629782.0000000009BE4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3792018335.0000000009BE3000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3096212506.0000000009B7A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2035366718.0000000009B41000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3097392066.0000000009BE3000.00000004.00000001.00020000.00000000.sdmpfalse
                      		high
                      http://schemas.microexplorer.exe, 00000008.00000000.2034860776.0000000008870000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000008.00000002.4464152797.0000000007DC0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000008.00000002.4466202794.0000000008890000.00000002.00000001.00040000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://www.autoitscript.com/autoit3/1.exe, 00000000.00000003.2267949785.000000000414D000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2265959897.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2274244679.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2266970768.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2266435450.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2270489248.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2265360973.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpfalse
                        		high
                        http://www.baanboard.comBrendon1.exe, 00000000.00000003.2282074477.0000000004060000.00000004.00001000.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new1.exe, 00000000.00000003.2215777859.0000000004071000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2199695779.00000000042BC000.00000004.00001000.00020000.00000000.sdmpfalse
                          		high
                          https://crbug.com/8209961.exe, 00000000.00000003.2069214748.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2190991302.0000000004060000.00000004.00001000.00020000.00000000.sdmpfalse
                          • 0%, Virustotal, Browse
                          • Avira URL Cloud: safe
                          		unknown
                          https://scss.adobesc.comreasoncom.adobe.review.sdk1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://www.smartsharesystems.com/1.exe, 00000000.00000003.2282074477.0000000004060000.00000004.00001000.00020000.00000000.sdmpfalse
                          • 0%, Virustotal, Browse
                          • Avira URL Cloud: safe
                          		unknown
                          http://www.scintilla.org1.exe, 00000000.00000003.2282074477.0000000004060000.00000004.00001000.00020000.00000000.sdmpfalse
                            		high
                            https://crbug.com/820996LaunchElevatedProcessXML1.exe, 00000000.00000003.2190991302.0000000004060000.00000004.00001000.00020000.00000000.sdmpfalse
                            • 0%, Virustotal, Browse
                            • Avira URL Cloud: safe
                            		unknown
                            http://stackoverflow.com/a/1465386/42241631.exe, 00000000.00000003.2294377748.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2291219135.0000000004060000.00000004.00001000.00020000.00000000.sdmpfalse
                              		high
                              https://scss.adobesc.com1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpfalse
                              • 0%, Virustotal, Browse
                              • Avira URL Cloud: safe
                              		unknown
                              https://scss.adobesc.com01.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.tutorialspoint.com/javascript/array_map.htm1.exe, 00000000.00000003.2294377748.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2291219135.0000000004060000.00000004.00001000.00020000.00000000.sdmpfalse
                                		high
                                http://www.develop.com1.exe, 00000000.00000003.2282074477.0000000004060000.00000004.00001000.00020000.00000000.sdmpfalse
                                • 0%, Virustotal, Browse
                                • Avira URL Cloud: safe
                                		unknown
                                https://scss.adobesc.comAcroCoreSyncSharedReviewLoggingEnabledAcrobat_DesktopUserhttps://comments.ad1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		low
                                https://www.dropbox.com/oauth2/authorize1.exe, 00000000.00000003.2086159442.0000000004060000.00000004.00001000.00020000.00000000.sdmpfalse
                                  		high
                                  https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settingsuninstall_ping_1.exe, 00000000.00000003.2246792271.00000000040B4000.00000004.00001000.00020000.00000000.sdmpfalse
                                    		high
                                    https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Pref/StateMachinehttps://PrefSyncJob/com1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		low
                                    http://www.spaceblue.com1.exe, 00000000.00000003.2282074477.0000000004060000.00000004.00001000.00020000.00000000.sdmpfalse
                                    • 0%, Virustotal, Browse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    https://scss.adobesc.comemptyAnnotations1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    https://www.dropbox.com/oauth2/authorizeInvalidBrowserSettingsBrowserCreationFailedInvalidRenderHand1.exe, 00000000.00000003.2086159442.0000000004060000.00000004.00001000.00020000.00000000.sdmpfalse
                                      		high
                                      http://www.autoitscript.com/autoit3/81.exe, 00000000.00000003.2265959897.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2274244679.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2266435450.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2270489248.0000000004060000.00000004.00001000.00020000.00000000.sdmpfalse
                                        		high
                                        http://www.baanboard.com1.exe, 00000000.00000003.2282074477.0000000004060000.00000004.00001000.00020000.00000000.sdmpfalse
                                        • 1%, Virustotal, Browse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exeexplorer.exe, 00000008.00000003.3790282794.000000000C512000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2037794492.000000000C4DC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4476952895.000000000C512000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3096602674.000000000C50F000.00000004.00000001.00020000.00000000.sdmpfalse
                                          		high
                                          http://www.develop.comDeepak1.exe, 00000000.00000003.2282074477.0000000004060000.00000004.00001000.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://unitedstates4.ss.wd.microsoft.us/1.exe, 00000000.00000002.4451156723.00000000021C2000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          https://www.7-zip.org/1.exe, 00000000.00000003.2067578849.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpfalse
                                            		high
                                            http://es5.github.io/#x15.4.4.211.exe, 00000000.00000003.2294377748.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2291219135.0000000004060000.00000004.00001000.00020000.00000000.sdmpfalse
                                            • 0%, Virustotal, Browse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            https://www.autoitscript.com/site/autoit/81.exe, 00000000.00000003.2266970768.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpfalse
                                              		high
                                              https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/startsWith1.exe, 00000000.00000003.2294377748.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2291219135.0000000004060000.00000004.00001000.00020000.00000000.sdmpfalse
                                                		high
                                                https://wns.windows.com/)sexplorer.exe, 00000008.00000000.2035366718.00000000099C0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4467406438.00000000099C0000.00000004.00000001.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://www.autoitscript.com/autoit3/J1.exe, 00000000.00000003.2267949785.000000000414D000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2038353253.000000000C81C000.00000004.00000001.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://crashpad.chromium.org/1.exe, 00000000.00000003.2215777859.0000000004071000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2199695779.00000000042BC000.00000004.00001000.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/RFList1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		low
                                                      https://mozilla.org0/1.exe, 00000000.00000003.2238708126.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2237302809.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2246792271.00000000040B4000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2244245625.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2240859710.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2246792271.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2236451239.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2244536391.0000000002030000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2241462892.000000000207F000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2243476720.0000000002011000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2246792271.0000000004137000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2243142876.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2240207923.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      https://crash-reports.mozilla.com/submit?id=1.exe, 00000000.00000003.2238708126.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://scss.adobesc.comK1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/filter1.exe, 00000000.00000003.2294377748.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2291219135.0000000004060000.00000004.00001000.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://support.google.com/chrome/?p=usage_stats_crash_reports1.exe, 00000000.00000003.2215777859.00000000043EC000.00000004.00001000.00020000.00000000.sdmpfalse
                                                            		high
                                                            http://www.rftp.comJosiah1.exe, 00000000.00000003.2282074477.0000000004060000.00000004.00001000.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.activestate.com1.exe, 00000000.00000003.2282074477.0000000004060000.00000004.00001000.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://scss.adobesc.comcommandNameAdd_AnnotsDelete_AnnotsUpdate_AnnotsEurekaReviewFetchReviewUpdate1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		low
                                                              https://qsurvey.mozilla.com/s3/FF-Desktop-Post-Uninstall?channel=release&version=118.0.1&osversion=1.exe, 00000000.00000003.2246792271.00000000040B4000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://javadl-esd-secure.oracle.com/update/%s/map-m-%s.xmlhttps://javadl-esd-secure.oracle.com/upda1.exe, 00000000.00000003.2294377748.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2291219135.0000000004060000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://lifecycleapp.operationlifecycle.shutdownlifecycle.startuptimer.starttimertimer.stoppedtimer.1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  https://unitedstates1.ss.wd.microsoft.us/1.exe, 00000000.00000002.4451156723.00000000021C2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  http://www.rftp.com1.exe, 00000000.00000003.2282074477.0000000004060000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://support.google.com/chrome?p=chrome_uninstall_surveymicrosoft-edge:open..1.exe, 00000000.00000003.2215777859.0000000004071000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://java.sun.comnot1.exe, 00000000.00000003.2291219135.0000000004060000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      		unknown
                                                                      http://appsyndication.org/2006/appsynapplicationapuputil.cppupgradeexclusivetrueenclosuredigestalgor1.exe, 00000000.00000002.4451156723.00000000021C2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      http://nsis.sf.net/NSIS_ErrorError1.exe, 00000000.00000003.2240859710.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2246792271.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2270118590.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        http://www.autoitscript.com/autoit3/1.exe, 00000000.00000003.2270489248.0000000004060000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://outlook.comexplorer.exe, 00000008.00000002.4470629782.0000000009BE4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3792018335.0000000009BE3000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3096212506.0000000009B7A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2035366718.0000000009B41000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.3097392066.0000000009BE3000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://firefox.settings.services.mozilla.com/v11.exe, 00000000.00000003.2237302809.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://javadl-esd-secure.oracle.com/update/%s/map-%s.xml1.exe, 00000000.00000003.2294377748.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2291219135.0000000004060000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                http://www.spaceblue.comMathias1.exe, 00000000.00000003.2282074477.0000000004060000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                		unknown
                                                                                http://127.0.0.1:13556/InsiderSlabBehaviorReportedStateInsiderSlabBehaviorInsiderSlabBehaviorReporte1.exe, 00000000.00000003.2225154341.0000000004060000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                • 1%, Virustotal, Browse
                                                                                • Avira URL Cloud: safe
                                                                                		unknown
                                                                                https://www.smartsharesystems.com/Morten1.exe, 00000000.00000003.2282074477.0000000004060000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                • 0%, Virustotal, Browse
                                                                                • Avira URL Cloud: safe
                                                                                		unknown
                                                                                http://java.sun.com1.exe, 00000000.00000003.2291219135.0000000004060000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                		unknown
                                                                                http://stackoverflow.com/questions/1026069/capitalize-the-first-letter-of-string-in-javascript1.exe, 00000000.00000003.2294377748.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2291219135.0000000004060000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  https://javadl-esd-secure.oracle.com/update/%s/map-m-%s.xml1.exe, 00000000.00000003.2294377748.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2291219135.0000000004060000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settingsopen1.exe, 00000000.00000003.2246792271.00000000040B4000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/Reduce1.exe, 00000000.00000003.2294377748.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2291219135.0000000004060000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://scss.adobesc.comReadStatus1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        		unknown
                                                                                        http://www.lua.org1.exe, 00000000.00000003.2282074477.0000000004060000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Pref/StateMachine1.exe, 00000000.00000003.2074834480.0000000004060000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4451156723.00000000026BC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          		low
                                                                                          https://android.notify.windows.com/iOSexplorer.exe, 00000008.00000002.4459812498.00000000076F8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2032781472.00000000076F8000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/Trim1.exe, 00000000.00000003.2294377748.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2291219135.0000000004060000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://firefox.settings.services.mozilla.com/v1MaybeMigrateVersion1118.0.1.0in1.exe, 00000000.00000003.2237302809.0000000001FCC000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                http://258ip.com/down/update1.exehttp://258ip.com/down/update2.exehttp://258ip.com/down/update3.exeh1.exe, 00000000.00000002.4450973243.0000000001FC0000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000002.4450486239.0000000001F60000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                • 3%, Virustotal, Browse
                                                                                                • Avira URL Cloud: malware
                                                                                                		unknown
                                                                                                http://stackoverflow.com/questions/1068834/object-comparison-in-javascript1.exe, 00000000.00000003.2294377748.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2291219135.0000000004060000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  http://127.0.0.1:13556/InsiderSlabBehaviorReportedBuildInsiderSlabBehaviorInsiderSlabBehaviorReporte1.exe, 00000000.00000002.4451156723.0000000002495000.00000004.00000020.00020000.00000000.sdmp, integrator.exe.0.drfalse
                                                                                                  • 0%, Virustotal, Browse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  		unknown
                                                                                                  https://api.msn.com/explorer.exe, 00000008.00000000.2035366718.0000000009ADB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.4467406438.0000000009ADB000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/indexOf1.exe, 00000000.00000003.2294377748.0000000001FCC000.00000004.00001000.00020000.00000000.sdmp, 1.exe, 00000000.00000003.2291219135.0000000004060000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      https://unitedstates2.ss.wd.microsoft.us/1.exe, 00000000.00000002.4451156723.00000000021C2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      		unknown
                                                                                                      http://crl.vexplorer.exe, 00000008.00000002.4446753251.0000000000F13000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2031002716.0000000000F13000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      		unknown

                                                                                                      World Map of Contacted IPs

                                                                                                      • No. of IPs < 25%
                                                                                                      • 25% < No. of IPs < 50%
                                                                                                      • 50% < No. of IPs < 75%
                                                                                                      • 75% < No. of IPs

                                                                                                      Public IPs

                                                                                                      IPDomainCountryFlagASNASN NameMalicious

                                                                                                      Private

                                                                                                      IP
                                                                                                      192.168.2.148
                                                                                                      192.168.2.149
                                                                                                      192.168.2.146
                                                                                                      192.168.2.147
                                                                                                      192.168.2.140
                                                                                                      192.168.2.141
                                                                                                      192.168.2.144
                                                                                                      192.168.2.145
                                                                                                      192.168.2.142
                                                                                                      192.168.2.143
                                                                                                      192.168.2.159
                                                                                                      192.168.2.157
                                                                                                      192.168.2.158
                                                                                                      192.168.2.151
                                                                                                      192.168.2.152
                                                                                                      192.168.2.150
                                                                                                      192.168.2.155
                                                                                                      192.168.2.156
                                                                                                      192.168.2.153
                                                                                                      192.168.2.154
                                                                                                      192.168.2.126
                                                                                                      192.168.2.127
                                                                                                      192.168.2.124
                                                                                                      192.168.2.125
                                                                                                      192.168.2.128
                                                                                                      192.168.2.129
                                                                                                      192.168.2.240
                                                                                                      192.168.2.122
                                                                                                      192.168.2.123
                                                                                                      192.168.2.120
                                                                                                      192.168.2.241
                                                                                                      192.168.2.121
                                                                                                      192.168.2.97
                                                                                                      192.168.2.137
                                                                                                      192.168.2.96
                                                                                                      192.168.2.138
                                                                                                      192.168.2.99
                                                                                                      192.168.2.135
                                                                                                      192.168.2.98
                                                                                                      192.168.2.136
                                                                                                      192.168.2.139
                                                                                                      192.168.2.130
                                                                                                      192.168.2.91
                                                                                                      192.168.2.90
                                                                                                      192.168.2.93
                                                                                                      192.168.2.133
                                                                                                      192.168.2.92
                                                                                                      192.168.2.134
                                                                                                      192.168.2.95
                                                                                                      192.168.2.131
                                                                                                      192.168.2.94
                                                                                                      192.168.2.132
                                                                                                      192.168.2.104
                                                                                                      192.168.2.225
                                                                                                      192.168.2.105
                                                                                                      192.168.2.226
                                                                                                      192.168.2.102
                                                                                                      192.168.2.223
                                                                                                      192.168.2.103
                                                                                                      192.168.2.224
                                                                                                      192.168.2.108
                                                                                                      192.168.2.229
                                                                                                      192.168.2.109
                                                                                                      192.168.2.106
                                                                                                      192.168.2.227
                                                                                                      192.168.2.107
                                                                                                      192.168.2.228
                                                                                                      192.168.2.100
                                                                                                      192.168.2.221
                                                                                                      192.168.2.101
                                                                                                      192.168.2.222
                                                                                                      192.168.2.220
                                                                                                      192.168.2.115
                                                                                                      192.168.2.236
                                                                                                      192.168.2.116
                                                                                                      192.168.2.237
                                                                                                      192.168.2.113
                                                                                                      192.168.2.234
                                                                                                      192.168.2.114
                                                                                                      192.168.2.235
                                                                                                      192.168.2.119
                                                                                                      192.168.2.117
                                                                                                      192.168.2.238
                                                                                                      192.168.2.118
                                                                                                      192.168.2.239
                                                                                                      192.168.2.111
                                                                                                      192.168.2.232
                                                                                                      192.168.2.112
                                                                                                      192.168.2.233
                                                                                                      192.168.2.230
                                                                                                      192.168.2.110
                                                                                                      192.168.2.231
                                                                                                      192.168.2.203
                                                                                                      192.168.2.204
                                                                                                      192.168.2.201
                                                                                                      192.168.2.202
                                                                                                      192.168.2.207
                                                                                                      192.168.2.208
                                                                                                      192.168.2.205
                                                                                                      192.168.2.206

                                                                                                      General Information

                                                                                                      Joe Sandbox version:40.0.0 Tourmaline
                                                                                                      Analysis ID:1430913
                                                                                                      Start date and time:2024-04-24 11:05:05 +02:00
                                                                                                      Joe Sandbox product:CloudBasic
                                                                                                      Overall analysis duration:0h 9m 39s
                                                                                                      Hypervisor based Inspection enabled:false
                                                                                                      Report type:full
                                                                                                      Cookbook file name:default.jbs
                                                                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                      Number of analysed new started processes analysed:13
                                                                                                      Number of new started drivers analysed:0
                                                                                                      Number of existing processes analysed:0
                                                                                                      Number of existing drivers analysed:0
                                                                                                      Number of injected processes analysed:1
                                                                                                      Technologies:
                                                                                                      • HCA enabled
                                                                                                      • EGA enabled
                                                                                                      • AMSI enabled
                                                                                                      Analysis Mode:default
                                                                                                      Analysis stop reason:Timeout
                                                                                                      Sample name:1.exe
                                                                                                      Detection:MAL
                                                                                                      Classification:mal100.spre.troj.evad.winEXE@13/1028@0/100
                                                                                                      EGA Information:
                                                                                                      • Successful, ratio: 100%
                                                                                                      HCA Information:
                                                                                                      • Successful, ratio: 100%
                                                                                                      • Number of executed functions: 49
                                                                                                      • Number of non-executed functions: 25
                                                                                                      Cookbook Comments:
                                                                                                      • Found application associated with file extension: .exe
                                                                                                      • Override analysis time to 240000 for current running targets taking high CPU consumption

                                                                                                      Warnings

                                                                                                      • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                                                      • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                      • Report size getting too big, too many NtCreateFile calls found.
                                                                                                      • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                      • Report size getting too big, too many NtOpenFile calls found.
                                                                                                      • Report size getting too big, too many NtOpenKey calls found.
                                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                      • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                      • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                      • Report size getting too big, too many NtWriteFile calls found.

                                                                                                      Simulations

                                                                                                      Behavior and APIs

                                                                                                      TimeTypeDescription
                                                                                                      11:05:55API Interceptor10975253x Sleep call for process: 1.exe modified
                                                                                                      11:06:01API Interceptor2465x Sleep call for process: explorer.exe modified
                                                                                                      11:06:58AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_desktop.ini

                                                                                                      Joe Sandbox View / Context

                                                                                                      IPs

                                                                                                      No context

                                                                                                      Domains

                                                                                                      No context

                                                                                                      ASNs

                                                                                                      No context

                                                                                                      JA3 Fingerprints

                                                                                                      No context

                                                                                                      Dropped Files

                                                                                                      No context

                                                                                                      Created / dropped Files

                                                                                                      C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1000\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Reputation:low
                                                                                                      Preview:2024/4/24

                                                                                                      C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1001\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Reputation:low
                                                                                                      Preview:2024/4/24

                                                                                                      C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1002\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Reputation:low
                                                                                                      Preview:2024/4/24

                                                                                                      C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1003\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Reputation:low
                                                                                                      Preview:2024/4/24

                                                                                                      C:\$Recycle.Bin\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:true
                                                                                                      Preview:2024/4/24

                                                                                                      C:\$WinREAgent\Scratch\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\$WinREAgent\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                      Category:dropped
                                                                                                      Size (bytes):408714
                                                                                                      Entropy (8bit):6.675462172967849
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:6144:j4+aezCpBmjAGEvqF1Ged2RYbguEuFuTkdj+zRGa7JkjrXyPyMMWvpBVOaqahUs:j4+aGAEbgvuFuQdj+zRTJkX8yMhB3jhX
                                                                                                      MD5:540614A68D89DC7F1958309651DE0D83
                                                                                                      SHA1:20BFEFB37F76FCF8613D7B3F1BA0C73784A6C5B8
                                                                                                      SHA-256:2C2CC7DB9A5D29D4B17D99390CBDBF3E7FFC3611AB68BFFF0A4E10B343D439C6
                                                                                                      SHA-512:B6B09EF4FE7B024223AE4FFF8470A06AD3CA0A5C51DE78924E9413A0348B27DDC6022EDBB80A1EE8F7C5BE6DE48DA7FD2309BD6F30DF0E11D8BF4167EFE3ECF4
                                                                                                      Malicious:true
                                                                                                      Antivirus:
                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                      Preview:MZKERNEL32.DLL..LoadLibraryA....GetProcAddress......BKwdwing@...PE..L......................%. ...n.......Y.......0....@..............................................@..........................Z\..(......."...................................................:\.......................................................Upack...................................rsrc...................................\\C.....".B...............................@..[C..\C..\C..\C..[C.|.........@.`[C.b[C..ZC...B.....V\C...B.T[C.................................8.......x...............(.......h.......D.J5............P.......D.J5............h....a...:..............D.J5....................D.J5................z...................D.J5............................D.J5................l...................D.J5................|...................D.J5............@.......D.J5............X...f...................D.J5....................D.J5....................t.............D.L.L...D.L.L.1...D.V.C.L.A.L...P.A.C.K.A.G.E.I.N.F.O...M.A.I.

                                                                                                      C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                      Category:dropped
                                                                                                      Size (bytes):213618
                                                                                                      Entropy (8bit):6.880287905392344
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:6144:w+aezCpBvROJyDImGUcsvZZvUmubv7hTHA8l3B:w+atImGUcsvZZdubv7hfl3B
                                                                                                      MD5:721CC6EB2FE3DC08A1723819ACEE4E14
                                                                                                      SHA1:B3EC498213160996CE79DD123EEF70B0A1E3FD9F
                                                                                                      SHA-256:74529711F7F1BCA4FFD971C737FC1A8DE32FE02349EE669707F00A850F064A81
                                                                                                      SHA-512:57AF53E89E6C0A0CB12B0AE16DB5CBDC6C7C712A82C240CAEEB38B70803356D0E021722546C45C041283BFDCE3F64A9FEDD7AC38017E2E02E324AC387984ACB9
                                                                                                      Malicious:true
                                                                                                      Antivirus:
                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                      Preview:MZKERNEL32.DLL..LoadLibraryA....GetProcAddress......BKwdwing@...PE..L......................%. ...n.......Y.......0....@..............................................@..........................Z\..(......."...................................................:\.......................................................Upack...................................rsrc...................................\\C.....".B...............................@..[C..\C..\C..\C..[C.|.........@.`[C.b[C..ZC...B.....V\C...B.T[C.................................8.......x...............(.......h.......D.J5............P.......D.J5............h....a...:..............D.J5....................D.J5................z...................D.J5............................D.J5................l...................D.J5................|...................D.J5............@.......D.J5............X...f...................D.J5....................D.J5....................t.............D.L.L...D.L.L.1...D.V.C.L.A.L...P.A.C.K.A.G.E.I.N.F.O...M.A.I.

                                                                                                      C:\Program Files (x86)\Common Files\Adobe\Reader\Temp\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Common Files\Adobe\Reader\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Common Files\DESIGNER\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Common Files\Java\Java Update\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                      Category:dropped
                                                                                                      Size (bytes):567506
                                                                                                      Entropy (8bit):6.799923742805699
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:12288:u+au00vHyvTCXdXikLj2jR7trg6Qi3vYsKTG:uBN0vHyyLj8trn3wsL
                                                                                                      MD5:A4F942EF36F24E1D3F139D6CA1903741
                                                                                                      SHA1:7BD01D5AACC31184273C615472926A3E361B172A
                                                                                                      SHA-256:AEEDB2EF442C179E65BDA3D27FD43AA284E2B854D984A55A082A009F6F3BA7E0
                                                                                                      SHA-512:F9F838EB471572E5E48C4F2527C89E4124E2ADB9DFAE83CC7FAC03915F9DB270E605CC0142C19B9163FE8AC18D4B00ECB1EC8960BEB66501B926E8FFBAABD88F
                                                                                                      Malicious:true
                                                                                                      Antivirus:
                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                      Preview:MZKERNEL32.DLL..LoadLibraryA....GetProcAddress......BKwdwing@...PE..L......................%. ...n.......Y.......0....@..............................................@..........................Z\..(......."...................................................:\.......................................................Upack...................................rsrc...................................\\C.....".B...............................@..[C..\C..\C..\C..[C.|.........@.`[C.b[C..ZC...B.....V\C...B.T[C.................................8.......x...............(.......h.......D.J5............P.......D.J5............h....a...:..............D.J5....................D.J5................z...................D.J5............................D.J5................l...................D.J5................|...................D.J5............@.......D.J5............X...f...................D.J5....................D.J5....................t.............D.L.L...D.L.L.1...D.V.C.L.A.L...P.A.C.K.A.G.E.I.N.F.O...M.A.I.

                                                                                                      C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                      Category:dropped
                                                                                                      Size (bytes):1251538
                                                                                                      Entropy (8bit):6.813162060759354
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:24576:rBuoMOW0n7Ubxk/uRvJqLGJLQ4a56duA/85RkV4l7/Zj:rBr4iwwGJra0uAUfkVy7/Zj
                                                                                                      MD5:AC9C29A623945428D641C8A99CDBAD69
                                                                                                      SHA1:B5B5456C163525B85F252352CB191DB954303BD0
                                                                                                      SHA-256:6B8F4808C107FC556B06BC7E838EF94DD8CE8C1B085CA7AA92F2AD28FAA30988
                                                                                                      SHA-512:EC93C7AACCA28760FBCA68C1566283044667636F71E37AC50FD1E5D718B0F79D9A476BE1B4F0C6C46866253985176B735CEA656D56368ECF50D7B69DFD03BB66
                                                                                                      Malicious:true
                                                                                                      Antivirus:
                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                      Preview:MZKERNEL32.DLL..LoadLibraryA....GetProcAddress......BKwdwing@...PE..L......................%. ...n.......Y.......0....@..............................................@..........................Z\..(......."...................................................:\.......................................................Upack...................................rsrc...................................\\C.....".B...............................@..[C..\C..\C..\C..[C.|.........@.`[C.b[C..ZC...B.....V\C...B.T[C.................................8.......x...............(.......h.......D.J5............P.......D.J5............h....a...:..............D.J5....................D.J5................z...................D.J5............................D.J5................l...................D.J5................|...................D.J5............@.......D.J5............X...f...................D.J5....................D.J5....................t.............D.L.L...D.L.L.1...D.V.C.L.A.L...P.A.C.K.A.G.E.I.N.F.O...M.A.I.

                                                                                                      C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                      Category:dropped
                                                                                                      Size (bytes):789202
                                                                                                      Entropy (8bit):6.83055191369316
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:24576:5B/eR0gB6axoCfyR6RLQRF/TzJqe58Bimq:5BZgHxAR6uBTzge5Mimq
                                                                                                      MD5:B6F40845B680DDA36E0339B70CC776F7
                                                                                                      SHA1:093087240C38FF8D57C947586CE84E8566FCFB2E
                                                                                                      SHA-256:B096BBB42BD13448ADBD9FA01F1E952A6BFF9427108B3AA4BAB5EDF5F8E78EAB
                                                                                                      SHA-512:90AD59BFB56161B5AD471FB1254738FAB0A37BA58118B485EBE28FCD507EB46EC2C610094C92F98C42ED1A52933DB3266D90A220520B4217D634C0DD51D1B01F
                                                                                                      Malicious:true
                                                                                                      Antivirus:
                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                      Preview:MZKERNEL32.DLL..LoadLibraryA....GetProcAddress......BKwdwing@...PE..L......................%. ...n.......Y.......0....@..............................................@..........................Z\..(......."...................................................:\.......................................................Upack...................................rsrc...................................\\C.....".B...............................@..[C..\C..\C..\C..[C.|.........@.`[C.b[C..ZC...B.....V\C...B.T[C.................................8.......x...............(.......h.......D.J5............P.......D.J5............h....a...:..............D.J5....................D.J5................z...................D.J5............................D.J5................l...................D.J5................|...................D.J5............@.......D.J5............X...f...................D.J5....................D.J5....................t.............D.L.L...D.L.L.1...D.V.C.L.A.L...P.A.C.K.A.G.E.I.N.F.O...M.A.I.

                                                                                                      C:\Program Files (x86)\Common Files\Java\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\PublicAssemblies\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\en-US\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                      Category:dropped
                                                                                                      Size (bytes):561882
                                                                                                      Entropy (8bit):6.5732870260776775
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:12288:XE+aOSEBPEeqbWqB3sunrT9+aYFLq3ny7R:XEBDEBPEeqbbBcunrTZ3y7R
                                                                                                      MD5:59E088772C3C6F612A296745BA545283
                                                                                                      SHA1:A6F589CB163CA84622EA5CD741627173B5D1FBF6
                                                                                                      SHA-256:5AEAA52AEA61263C5B94573B89915EFD2693CA5A1A7824B63235F628D78CE0C0
                                                                                                      SHA-512:D1D3D1C9F6A29F1A631713983250ECAF165110ED982B821A761E677767522B434A6B4CBEFE2B406FF51D498BAF681EE3A837731C7F482FFC6E3668E3607B34CC
                                                                                                      Malicious:true
                                                                                                      Antivirus:
                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                      Preview:MZKERNEL32.DLL..LoadLibraryA....GetProcAddress......BKwdwing@...PE..L......................%. ...n.......Y.......0....@..............................................@..........................Z\..(......."...................................................:\.......................................................Upack...................................rsrc...................................\\C.....".B...............................@..[C..\C..\C..\C..[C.|.........@.`[C.b[C..ZC...B.....V\C...B.T[C.................................8.......x...............(.......h.......D.J5............P.......D.J5............h....a...:..............D.J5....................D.J5................z...................D.J5............................D.J5................l...................D.J5................|...................D.J5............@.......D.J5............X...f...................D.J5....................D.J5....................t.............D.L.L...D.L.L.1...D.V.C.L.A.L...P.A.C.K.A.G.E.I.N.F.O...M.A.I.

                                                                                                      C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Common Files\Microsoft Shared\TextConv\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Common Files\Microsoft Shared\TextConv\en-US\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Common Files\Microsoft Shared\Triedit\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Common Files\Microsoft Shared\Triedit\en-US\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\AppInfoDocument\Microsoft.VisualStudio.Tools.Office.AppInfoDocument\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\AppInfoDocument\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\1033\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                      Category:dropped
                                                                                                      Size (bytes):126618
                                                                                                      Entropy (8bit):7.018125198388144
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3072:ANe+aezUa6pBifr1hg9uCRFRzsxeuPo10JOSdnvEh:d+aezCpBwhmRFJs0ug1MOc8
                                                                                                      MD5:0FB375230796F7E011A3CA3532523257
                                                                                                      SHA1:699CB85DC481F5F04BC78B80A328C5A1B55BF834
                                                                                                      SHA-256:D5031E77C982BE87287480D1EF49CE90A74AA9A401E79E2506F4F1682B7537CC
                                                                                                      SHA-512:87FBA16F995901DE95B2B0AF888230DF287F261A259866E82CFCEA0F98AADCEECC1D9EB24339E7F7848DF65C29140C3FF7E05438799D7F21C94FDEFFC3278C46
                                                                                                      Malicious:true
                                                                                                      Antivirus:
                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                      Preview:MZKERNEL32.DLL..LoadLibraryA....GetProcAddress......BKwdwing@...PE..L......................%. ...n.......Y.......0....@..............................................@..........................Z\..(......."...................................................:\.......................................................Upack...................................rsrc...................................\\C.....".B...............................@..[C..\C..\C..\C..[C.|.........@.`[C.b[C..ZC...B.....V\C...B.T[C.................................8.......x...............(.......h.......D.J5............P.......D.J5............h....a...:..............D.J5....................D.J5................z...................D.J5............................D.J5................l...................D.J5................|...................D.J5............@.......D.J5............X...f...................D.J5....................D.J5....................t.............D.L.L...D.L.L.1...D.V.C.L.A.L...P.A.C.K.A.G.E.I.N.F.O...M.A.I.

                                                                                                      C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Common Files\Microsoft Shared\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Common Files\Microsoft Shared\ink\HWRCustomization\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Common Files\Microsoft Shared\ink\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-GB\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Common Files\Microsoft Shared\ink\en-US\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Common Files\Oracle\Java\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                      Category:dropped
                                                                                                      Size (bytes):298242
                                                                                                      Entropy (8bit):7.005589259180931
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:6144:r+aezCpBC+TwJLYbH0QQchx73BeFStIhEWDoZvynCME:r+aT6EbH0j4x7R6SvyCME
                                                                                                      MD5:E0C3058531F77689C1EF619437BF5662
                                                                                                      SHA1:1B35732F7E92A21E199301785C4E0B9B99C151B4
                                                                                                      SHA-256:F7BBC180A3367D886064AA72A2B1DE8DF4083B1DB378B455ADB901F39E3F6899
                                                                                                      SHA-512:E2C7612E0DE01A714DCE4C6412EF523360ABF2042640843AA91EAD5E53FFAB54547EFC4CE52ED573F7C9467C5D8CDD94948927C41B522890A70DC8815C984F5D
                                                                                                      Malicious:true
                                                                                                      Antivirus:
                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                      Preview:MZKERNEL32.DLL..LoadLibraryA....GetProcAddress......BKwdwing@...PE..L......................%. ...n.......Y.......0....@..............................................@..........................Z\..(......."...................................................:\.......................................................Upack...................................rsrc...................................\\C.....".B...............................@..[C..\C..\C..\C..[C.|.........@.`[C.b[C..ZC...B.....V\C...B.T[C.................................8.......x...............(.......h.......D.J5............P.......D.J5............h....a...:..............D.J5....................D.J5................z...................D.J5............................D.J5................l...................D.J5................|...................D.J5............@.......D.J5............X...f...................D.J5....................D.J5....................t.............D.L.L...D.L.L.1...D.V.C.L.A.L...P.A.C.K.A.G.E.I.N.F.O...M.A.I.

                                                                                                      C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                      Category:dropped
                                                                                                      Size (bytes):298242
                                                                                                      Entropy (8bit):7.008070270869839
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:6144:r+aezCpBg6wNXCs7zYA9xiNFiVg7s/uDoeBvhI7T:r+autXCs/YAh/elvhI7T
                                                                                                      MD5:A02720B0F4C2B72FB4149C0BBF7D23AF
                                                                                                      SHA1:39EDC7541456DB54BE8F72CDCB0EA1B64E9EB958
                                                                                                      SHA-256:0F25ECEA9FD77C7616F6833DC02A076EDAB3D9A2ED55FC1A2846BFE3FE07C879
                                                                                                      SHA-512:E12708FB9D5D5B1E2E59906FD8B6C1D2904EA76F94BCBA031E6405588CAA820042DDAE19722FEBF92C3866CBEFA6B29F0B679A9825715F1B1A088CF7E94DB77A
                                                                                                      Malicious:true
                                                                                                      Antivirus:
                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                      Preview:MZKERNEL32.DLL..LoadLibraryA....GetProcAddress......BKwdwing@...PE..L......................%. ...n.......Y.......0....@..............................................@..........................Z\..(......."...................................................:\.......................................................Upack...................................rsrc...................................\\C.....".B...............................@..[C..\C..\C..\C..[C.|.........@.`[C.b[C..ZC...B.....V\C...B.T[C.................................8.......x...............(.......h.......D.J5............P.......D.J5............h....a...:..............D.J5....................D.J5................z...................D.J5............................D.J5................l...................D.J5................|...................D.J5............@.......D.J5............X...f...................D.J5....................D.J5....................t.............D.L.L...D.L.L.1...D.V.C.L.A.L...P.A.C.K.A.G.E.I.N.F.O...M.A.I.

                                                                                                      C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                      Category:dropped
                                                                                                      Size (bytes):436994
                                                                                                      Entropy (8bit):6.585364121033919
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:12288:r+aoLX8PC7NKdHVnfiMB7yIL+5IyoiYv5jPaeTmJWIvDxT9o:rBQx7KiBLZ05jNTmJWEx6
                                                                                                      MD5:8664F0B998A2E8D3BBD44CF2C95856F6
                                                                                                      SHA1:590882CE45B69B4003FB3F1F0B6F6BF2168427C7
                                                                                                      SHA-256:8B7DF7D37D503E299B172EFB0AFAC77DDFA8067112066F758FB014F51F82F580
                                                                                                      SHA-512:54A02A1656A331E23A201C3D2E36201BD020B8D55D45EC758A2A4F4B496E633D5139F135ACF5F448C2C995BCAAF9582FA04F9D683D1AC7C59A42F63A92B3F4A5
                                                                                                      Malicious:true
                                                                                                      Antivirus:
                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                      Preview:MZKERNEL32.DLL..LoadLibraryA....GetProcAddress......BKwdwing@...PE..L......................%. ...n.......Y.......0....@..............................................@..........................Z\..(......."...................................................:\.......................................................Upack...................................rsrc...................................\\C.....".B...............................@..[C..\C..\C..\C..[C.|.........@.`[C.b[C..ZC...B.....V\C...B.T[C.................................8.......x...............(.......h.......D.J5............P.......D.J5............h....a...:..............D.J5....................D.J5................z...................D.J5............................D.J5................l...................D.J5................|...................D.J5............@.......D.J5............X...f...................D.J5....................D.J5....................t.............D.L.L...D.L.L.1...D.V.C.L.A.L...P.A.C.K.A.G.E.I.N.F.O...M.A.I.

                                                                                                      C:\Program Files (x86)\Common Files\Oracle\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Common Files\Services\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                      Category:dropped
                                                                                                      Size (bytes):342434
                                                                                                      Entropy (8bit):6.862941150949907
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:6144:/+aezCpBohPLlZpRkTpB8HHvBjruphfgesnAhAOQp2EwckjQx+m8h:/+aqlnRklinJruphfg26p2Ewix+m8h
                                                                                                      MD5:9438B372E59B31C3B05DA0D3AE73CA2A
                                                                                                      SHA1:F3ECAE9C7B47284690A88CC4F8E3C043C3C4A9ED
                                                                                                      SHA-256:E70A81913A6BBD179F7C4C64A69CAF99A86FB5A804C243E5FB954A66C4610C6C
                                                                                                      SHA-512:57D0ACEBF8D0DCCAF7AEFFA3740648C978DFB2F6B1864168FE4D4EF23071EA7E2C1151C9255C7C9ED1BC410BAE7581E4971D56C8EE60D248244F09D0F0487288
                                                                                                      Malicious:true
                                                                                                      Antivirus:
                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                      Preview:MZKERNEL32.DLL..LoadLibraryA....GetProcAddress......BKwdwing@...PE..L......................%. ...n.......Y.......0....@..............................................@..........................Z\..(......."...................................................:\.......................................................Upack...................................rsrc...................................\\C.....".B...............................@..[C..\C..\C..\C..[C.|.........@.`[C.b[C..ZC...B.....V\C...B.T[C.................................8.......x...............(.......h.......D.J5............P.......D.J5............h....a...:..............D.J5....................D.J5................z...................D.J5............................D.J5................l...................D.J5................|...................D.J5............@.......D.J5............X...f...................D.J5....................D.J5....................t.............D.L.L...D.L.L.1...D.V.C.L.A.L...P.A.C.K.A.G.E.I.N.F.O...M.A.I.

                                                                                                      C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                      Category:dropped
                                                                                                      Size (bytes):442786
                                                                                                      Entropy (8bit):6.563581789138394
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:12288:d+aGnW3gaHC2zUM2WJoROZVXk8hbodzbaw8x0Cx+:dBGWx5k8hb0Haw+x
                                                                                                      MD5:BB7DB918A83A4C82CCC4388EC78FAE41
                                                                                                      SHA1:0D898DA150972D6B2C578C0B7966F223A278BCCC
                                                                                                      SHA-256:C05F1A04AE85637D3C87A461F30C6EB24E5280123AC6312076CBECCF1A9B3428
                                                                                                      SHA-512:2EB619509A35471087CEA4EA60304461D92D007FFCAA95893F5FC7AC014E607961E12B4079F868E9A72A7D86D7A83A2BEBA2258DEC684322CAC877754F126E28
                                                                                                      Malicious:true
                                                                                                      Antivirus:
                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                      Preview:MZKERNEL32.DLL..LoadLibraryA....GetProcAddress......BKwdwing@...PE..L......................%. ...n.......Y.......0....@..............................................@..........................Z\..(......."...................................................:\.......................................................Upack...................................rsrc...................................\\C.....".B...............................@..[C..\C..\C..\C..[C.|.........@.`[C.b[C..ZC...B.....V\C...B.T[C.................................8.......x...............(.......h.......D.J5............P.......D.J5............h....a...:..............D.J5....................D.J5................z...................D.J5............................D.J5................l...................D.J5................|...................D.J5............@.......D.J5............X...f...................D.J5....................D.J5....................t.............D.L.L...D.L.L.1...D.V.C.L.A.L...P.A.C.K.A.G.E.I.N.F.O...M.A.I.

                                                                                                      C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                      Category:dropped
                                                                                                      Size (bytes):202658
                                                                                                      Entropy (8bit):6.495601795136357
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3072:Are+aezUa6pBilwzvOYTt5YP/aKavT/DvbEvK9aobNI2B+Nl4jz+b0atWH1TmFtw:/+aezCpB9tiP/aK2h9H/B+r
                                                                                                      MD5:43461D28F4FE28736DA436A00B4B3C67
                                                                                                      SHA1:9C598C02000EEDEDDA1EB42299061823B1D0F31F
                                                                                                      SHA-256:49CC0FB74CE5C0D73421FDDF0D379131601E756D16600D8E135608884B16EEA2
                                                                                                      SHA-512:86D17E82D3FD5C8D84DB2BE8CBB50143AC4649A928EE387A98343DB11FCC4BA205EAA51A9C93427439C39EEAA282DCB32FA8D8F951A9C4D21658BA10914DA103
                                                                                                      Malicious:true
                                                                                                      Antivirus:
                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                      Preview:MZKERNEL32.DLL..LoadLibraryA....GetProcAddress......BKwdwing@...PE..L......................%. ...n.......Y.......0....@..............................................@..........................Z\..(......."...................................................:\.......................................................Upack...................................rsrc...................................\\C.....".B...............................@..[C..\C..\C..\C..[C.|.........@.`[C.b[C..ZC...B.....V\C...B.T[C.................................8.......x...............(.......h.......D.J5............P.......D.J5............h....a...:..............D.J5....................D.J5................z...................D.J5............................D.J5................l...................D.J5................|...................D.J5............@.......D.J5............X...f...................D.J5....................D.J5....................t.............D.L.L...D.L.L.1...D.V.C.L.A.L...P.A.C.K.A.G.E.I.N.F.O...M.A.I.

                                                                                                      C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exe

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                      Category:dropped
                                                                                                      Size (bytes):148898
                                                                                                      Entropy (8bit):6.982649946773372
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3072:Are+aezUa6pBiLMxJ7Rfp8K172YPrN4vzT+PjZpsB+2h+EOX:/+aezCpBkMH7cCxPLpsB+09
                                                                                                      MD5:0C4171723645DA586E5ADB209AE2E44A
                                                                                                      SHA1:061FA4CCB407FA4430AB6A70790489AE24193A56
                                                                                                      SHA-256:B73E8912054D05B52AEDABA25BC27856CC1D851C046CEAA411C495EB2697FC71
                                                                                                      SHA-512:E40323DA4B6302B7715E5C8E1C4A4EBFA933688DDB4BAE5ED25C7DC806D4F67D4B1F9448DEEEA1C3D4B516B04091B231F3DA95A4D8CD6F6C1E617A15FCCB52B5
                                                                                                      Malicious:true
                                                                                                      Antivirus:
                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                      Preview:MZKERNEL32.DLL..LoadLibraryA....GetProcAddress......BKwdwing@...PE..L......................%. ...n.......Y.......0....@..............................................@..........................Z\..(......."...................................................:\.......................................................Upack...................................rsrc...................................\\C.....".B...............................@..[C..\C..\C..\C..[C.|.........@.`[C.b[C..ZC...B.....V\C...B.T[C.................................8.......x...............(.......h.......D.J5............P.......D.J5............h....a...:..............D.J5....................D.J5................z...................D.J5............................D.J5................l...................D.J5................|...................D.J5............@.......D.J5............X...f...................D.J5....................D.J5....................t.............D.L.L...D.L.L.1...D.V.C.L.A.L...P.A.C.K.A.G.E.I.N.F.O...M.A.I.

                                                                                                      C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                      Category:dropped
                                                                                                      Size (bytes):226210
                                                                                                      Entropy (8bit):6.612084032982102
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:6144:d+aezCpBJni3F8QrBAmWt9h8QlLISZWVRohcq7d:d+aji35rBRy9hdFIdRoGU
                                                                                                      MD5:8306EC4CA0645F420416A8AE4F509663
                                                                                                      SHA1:2F326E357C1DDC77B4F9C660E8D7511271DD374F
                                                                                                      SHA-256:7ADAB907883AF136D0469B1BFB000B4106C1D7279B2669696F3FDE2CAC48EDF2
                                                                                                      SHA-512:2CB66365FCAF49485CD85555F58F54A73DB62F1DB57EC40EDD85738279911D78907ADAF618F6C2265B38B98D84905F1F9FB430FB3C7354485693B31C2D8D53FB
                                                                                                      Malicious:true
                                                                                                      Antivirus:
                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                      Preview:MZKERNEL32.DLL..LoadLibraryA....GetProcAddress......BKwdwing@...PE..L......................%. ...n.......Y.......0....@..............................................@..........................Z\..(......."...................................................:\.......................................................Upack...................................rsrc...................................\\C.....".B...............................@..[C..\C..\C..\C..[C.|.........@.`[C.b[C..ZC...B.....V\C...B.T[C.................................8.......x...............(.......h.......D.J5............P.......D.J5............h....a...:..............D.J5....................D.J5................z...................D.J5............................D.J5................l...................D.J5................|...................D.J5............@.......D.J5............X...f...................D.J5....................D.J5....................t.............D.L.L...D.L.L.1...D.V.C.L.A.L...P.A.C.K.A.G.E.I.N.F.O...M.A.I.

                                                                                                      C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                      Category:dropped
                                                                                                      Size (bytes):263586
                                                                                                      Entropy (8bit):6.911873753708536
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:6144:/+aezCpB/gG1da6edDwCtJmRqyFmB6AOKmiMGwIAfx+iQ+FfFy:/+aSG1da6edDw6JmRI6Bitwpx+iQafFy
                                                                                                      MD5:EF04692AD08CB12FA02E2798228F47F3
                                                                                                      SHA1:90365752EF421A27BDF4EF9B66F31C35F99C04E1
                                                                                                      SHA-256:E66A7654C1A20A3AB75F72153B3B1969D1689F462293723912E76CE619CD9DE8
                                                                                                      SHA-512:C3BDD1F8B41DAB217171C96D27F60D8900EFBCF1EA583D2964B088A73A3B68CEB5A95DDADA3017F6D3FFE5F162CD5E90EA19915677C145DF0BC21723010206EE
                                                                                                      Malicious:true
                                                                                                      Antivirus:
                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                      Preview:MZKERNEL32.DLL..LoadLibraryA....GetProcAddress......BKwdwing@...PE..L......................%. ...n.......Y.......0....@..............................................@..........................Z\..(......."...................................................:\.......................................................Upack...................................rsrc...................................\\C.....".B...............................@..[C..\C..\C..\C..[C.|.........@.`[C.b[C..ZC...B.....V\C...B.T[C.................................8.......x...............(.......h.......D.J5............P.......D.J5............h....a...:..............D.J5....................D.J5................z...................D.J5............................D.J5................l...................D.J5................|...................D.J5............@.......D.J5............X...f...................D.J5....................D.J5....................t.............D.L.L...D.L.L.1...D.V.C.L.A.L...P.A.C.K.A.G.E.I.N.F.O...M.A.I.

                                                                                                      C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                      Category:dropped
                                                                                                      Size (bytes):148898
                                                                                                      Entropy (8bit):6.982969600852966
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3072:Are+aezUa6pBiAER5AhC48S1m2YPrh4qR8vSZksB+2hdqeN:/+aezCpBDEXAe6QPzksB+0Y+
                                                                                                      MD5:A796C6571F5C0E9E6DC9B8C081EA5C91
                                                                                                      SHA1:9E3D5A216B765E88EF896A550285813C7269367B
                                                                                                      SHA-256:2EFBA6F7982DF107C851F794BBD5ED06C302A11A00181BCCB3E50CC4D76DD95E
                                                                                                      SHA-512:81BFDC8E035E2DD22915FB5889F2EE4522DBB95D8F7CAC2CBC718AA5AA20FA6B3CE3B8825A56F3760EF0CD3810805F9958CD81DBB968539745EE14FEBD9C9C21
                                                                                                      Malicious:true
                                                                                                      Antivirus:
                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                      Preview:MZKERNEL32.DLL..LoadLibraryA....GetProcAddress......BKwdwing@...PE..L......................%. ...n.......Y.......0....@..............................................@..........................Z\..(......."...................................................:\.......................................................Upack...................................rsrc...................................\\C.....".B...............................@..[C..\C..\C..\C..[C.|.........@.`[C.b[C..ZC...B.....V\C...B.T[C.................................8.......x...............(.......h.......D.J5............P.......D.J5............h....a...:..............D.J5....................D.J5................z...................D.J5............................D.J5................l...................D.J5................|...................D.J5............@.......D.J5............X...f...................D.J5....................D.J5....................t.............D.L.L...D.L.L.1...D.V.C.L.A.L...P.A.C.K.A.G.E.I.N.F.O...M.A.I.

                                                                                                      C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\GUR3A4B.tmp\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Google\Update\1.3.36.312\Recovery\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Google\Update\1.3.36.312\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Google\Update\Download\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\117.0.5938.132\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Google\Update\Install\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Google\Update\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Google\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Internet Explorer\SIGNUP\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Internet Explorer\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Internet Explorer\en-GB\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Internet Explorer\en-US\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Internet Explorer\images\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Java\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Java\jre-1.8\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Java\jre-1.8\bin\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Java\jre-1.8\bin\client\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Java\jre-1.8\bin\dtplugin\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Java\jre-1.8\bin\jabswitch.exe

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                      Category:dropped
                                                                                                      Size (bytes):80130
                                                                                                      Entropy (8bit):7.413150648522436
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:1536:A+ge+Zk7qzUJBC2KsgSMcJziHkshHPPRs+BjfrjUZ417jPxR:ANe+aezUa6pBif53BjfrjSYvxR
                                                                                                      MD5:7C405F6783953564FB551D18B04010E3
                                                                                                      SHA1:4EACC6022BF2952C90E9B2F5F330C4F12C6E3F37
                                                                                                      SHA-256:255DD514E525B8AAFDDC5E379A70FFBD674AAF8251619712AAA7B2407AE2F15D
                                                                                                      SHA-512:A3EB9EF8BF3033325A77AB3E5DE0FBA9B95732A7479CD962364346ED3045B610C1404D4893D13876218C0980696ECD3623B28D7984AFA9BD040180E86FAFD78D
                                                                                                      Malicious:true
                                                                                                      Antivirus:
                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                      Preview:MZKERNEL32.DLL..LoadLibraryA....GetProcAddress......BKwdwing@...PE..L......................%. ...n.......Y.......0....@..............................................@..........................Z\..(......."...................................................:\.......................................................Upack...................................rsrc...................................\\C.....".B...............................@..[C..\C..\C..\C..[C.|.........@.`[C.b[C..ZC...B.....V\C...B.T[C.................................8.......x...............(.......h.......D.J5............P.......D.J5............h....a...:..............D.J5....................D.J5................z...................D.J5............................D.J5................l...................D.J5................|...................D.J5............@.......D.J5............X...f...................D.J5....................D.J5....................t.............D.L.L...D.L.L.1...D.V.C.L.A.L...P.A.C.K.A.G.E.I.N.F.O...M.A.I.

                                                                                                      C:\Program Files (x86)\Java\jre-1.8\bin\java-rmi.exe

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                      Category:dropped
                                                                                                      Size (bytes):63234
                                                                                                      Entropy (8bit):7.598081839540273
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:1536:A+ge+Zk7qzUJBC2KsgSMcJzi7P/NpGEfc7PPxD:ANe+aezUa6pBi79pGkcTxD
                                                                                                      MD5:DA36633EC7677B6C054FB965ACB5329C
                                                                                                      SHA1:53963B91831887D8CAED7F238E1A1C36E3A4906D
                                                                                                      SHA-256:38FB88315BD23AC21FD64AB2FEE6BCB4032BD1DF482D99A429D3E7790BD9FE92
                                                                                                      SHA-512:ADA6D912A277F5D7955CA667170E732586CC9229F7AF52317F106CBAB726FBF741D2464092F1B8BF012BBE2442472C5B3D191B27EB82B5455043D40C799C4FDA
                                                                                                      Malicious:true
                                                                                                      Antivirus:
                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                      Preview:MZKERNEL32.DLL..LoadLibraryA....GetProcAddress......BKwdwing@...PE..L......................%. ...n.......Y.......0....@..............................................@..........................Z\..(......."...................................................:\.......................................................Upack...................................rsrc...................................\\C.....".B...............................@..[C..\C..\C..\C..[C.|.........@.`[C.b[C..ZC...B.....V\C...B.T[C.................................8.......x...............(.......h.......D.J5............P.......D.J5............h....a...:..............D.J5....................D.J5................z...................D.J5............................D.J5................l...................D.J5................|...................D.J5............@.......D.J5............X...f...................D.J5....................D.J5....................t.............D.L.L...D.L.L.1...D.V.C.L.A.L...P.A.C.K.A.G.E.I.N.F.O...M.A.I.

                                                                                                      C:\Program Files (x86)\Java\jre-1.8\bin\java.exe

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                      Category:dropped
                                                                                                      Size (bytes):298242
                                                                                                      Entropy (8bit):7.005589259180931
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:6144:r+aezCpBC+TwJLYbH0QQchx73BeFStIhEWDoZvynCME:r+aT6EbH0j4x7R6SvyCME
                                                                                                      MD5:E0C3058531F77689C1EF619437BF5662
                                                                                                      SHA1:1B35732F7E92A21E199301785C4E0B9B99C151B4
                                                                                                      SHA-256:F7BBC180A3367D886064AA72A2B1DE8DF4083B1DB378B455ADB901F39E3F6899
                                                                                                      SHA-512:E2C7612E0DE01A714DCE4C6412EF523360ABF2042640843AA91EAD5E53FFAB54547EFC4CE52ED573F7C9467C5D8CDD94948927C41B522890A70DC8815C984F5D
                                                                                                      Malicious:true
                                                                                                      Preview:MZKERNEL32.DLL..LoadLibraryA....GetProcAddress......BKwdwing@...PE..L......................%. ...n.......Y.......0....@..............................................@..........................Z\..(......."...................................................:\.......................................................Upack...................................rsrc...................................\\C.....".B...............................@..[C..\C..\C..\C..[C.|.........@.`[C.b[C..ZC...B.....V\C...B.T[C.................................8.......x...............(.......h.......D.J5............P.......D.J5............h....a...:..............D.J5....................D.J5................z...................D.J5............................D.J5................l...................D.J5................|...................D.J5............@.......D.J5............X...f...................D.J5....................D.J5....................t.............D.L.L...D.L.L.1...D.V.C.L.A.L...P.A.C.K.A.G.E.I.N.F.O...M.A.I.

                                                                                                      C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                      Category:dropped
                                                                                                      Size (bytes):134914
                                                                                                      Entropy (8bit):6.838014698749686
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:1536:AYge+Zk7qzUJBC2KsgSMcJziYPEoCW/ids8nBs+s8nBs8RGyeVK7qjh3rmKPNbSS:APe+aezUa6pBiYFrj8wyutjZqMNbSgxL
                                                                                                      MD5:942C15F58CF139D6F3DDA046F5BE9DD2
                                                                                                      SHA1:A1AD06773101FEB5EBCC04AA6BA7D58019ED6A4E
                                                                                                      SHA-256:AF5D5316FAB341C8030DAA43BB788F21C195DDAE4D5F422E93E0484E637859EB
                                                                                                      SHA-512:A63C97EE28FB0AD0DAF19158E03AAD60EEE9C118095B09A286B52D34FF900AC34D6E9662539A1190C0A6F915C50D5D0204B019118B1D611ACFD2F5E48B8969E9
                                                                                                      Malicious:true
                                                                                                      Antivirus:
                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                      Preview:MZKERNEL32.DLL..LoadLibraryA....GetProcAddress......BKwdwing@...PE..L......................%. ...n.......Y.......0....@..............................................@..........................Z\..(......."...................................................:\.......................................................Upack...................................rsrc...................................\\C.....".B...............................@..[C..\C..\C..\C..[C.|.........@.`[C.b[C..ZC...B.....V\C...B.T[C.................................8.......x...............(.......h.......D.J5............P.......D.J5............h....a...:..............D.J5....................D.J5................z...................D.J5............................D.J5................l...................D.J5................|...................D.J5............@.......D.J5............X...f...................D.J5....................D.J5....................t.............D.L.L...D.L.L.1...D.V.C.L.A.L...P.A.C.K.A.G.E.I.N.F.O...M.A.I.

                                                                                                      C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                      Category:dropped
                                                                                                      Size (bytes):298242
                                                                                                      Entropy (8bit):7.008070270869839
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:6144:r+aezCpBg6wNXCs7zYA9xiNFiVg7s/uDoeBvhI7T:r+autXCs/YAh/elvhI7T
                                                                                                      MD5:A02720B0F4C2B72FB4149C0BBF7D23AF
                                                                                                      SHA1:39EDC7541456DB54BE8F72CDCB0EA1B64E9EB958
                                                                                                      SHA-256:0F25ECEA9FD77C7616F6833DC02A076EDAB3D9A2ED55FC1A2846BFE3FE07C879
                                                                                                      SHA-512:E12708FB9D5D5B1E2E59906FD8B6C1D2904EA76F94BCBA031E6405588CAA820042DDAE19722FEBF92C3866CBEFA6B29F0B679A9825715F1B1A088CF7E94DB77A
                                                                                                      Malicious:true
                                                                                                      Preview:MZKERNEL32.DLL..LoadLibraryA....GetProcAddress......BKwdwing@...PE..L......................%. ...n.......Y.......0....@..............................................@..........................Z\..(......."...................................................:\.......................................................Upack...................................rsrc...................................\\C.....".B...............................@..[C..\C..\C..\C..[C.|.........@.`[C.b[C..ZC...B.....V\C...B.T[C.................................8.......x...............(.......h.......D.J5............P.......D.J5............h....a...:..............D.J5....................D.J5................z...................D.J5............................D.J5................l...................D.J5................|...................D.J5............@.......D.J5............X...f...................D.J5....................D.J5....................t.............D.L.L...D.L.L.1...D.V.C.L.A.L...P.A.C.K.A.G.E.I.N.F.O...M.A.I.

                                                                                                      C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                      Category:dropped
                                                                                                      Size (bytes):436994
                                                                                                      Entropy (8bit):6.585364121033919
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:12288:r+aoLX8PC7NKdHVnfiMB7yIL+5IyoiYv5jPaeTmJWIvDxT9o:rBQx7KiBLZ05jNTmJWEx6
                                                                                                      MD5:8664F0B998A2E8D3BBD44CF2C95856F6
                                                                                                      SHA1:590882CE45B69B4003FB3F1F0B6F6BF2168427C7
                                                                                                      SHA-256:8B7DF7D37D503E299B172EFB0AFAC77DDFA8067112066F758FB014F51F82F580
                                                                                                      SHA-512:54A02A1656A331E23A201C3D2E36201BD020B8D55D45EC758A2A4F4B496E633D5139F135ACF5F448C2C995BCAAF9582FA04F9D683D1AC7C59A42F63A92B3F4A5
                                                                                                      Malicious:true
                                                                                                      Preview:MZKERNEL32.DLL..LoadLibraryA....GetProcAddress......BKwdwing@...PE..L......................%. ...n.......Y.......0....@..............................................@..........................Z\..(......."...................................................:\.......................................................Upack...................................rsrc...................................\\C.....".B...............................@..[C..\C..\C..\C..[C.|.........@.`[C.b[C..ZC...B.....V\C...B.T[C.................................8.......x...............(.......h.......D.J5............P.......D.J5............h....a...:..............D.J5....................D.J5................z...................D.J5............................D.J5................l...................D.J5................|...................D.J5............@.......D.J5............X...f...................D.J5....................D.J5....................t.............D.L.L...D.L.L.1...D.V.C.L.A.L...P.A.C.K.A.G.E.I.N.F.O...M.A.I.

                                                                                                      C:\Program Files (x86)\Java\jre-1.8\bin\jjs.exe

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                      Category:dropped
                                                                                                      Size (bytes):63234
                                                                                                      Entropy (8bit):7.603383423683378
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:1536:A+ge+Zk7qzUJBC2KsgSMcJziJcbv0fra7ePxG:ANe+aezUa6pBiJa0raexG
                                                                                                      MD5:3641063061761B69049362A378A84EBB
                                                                                                      SHA1:E5792F32BBCBE66B301F0138CD256D769355AFF3
                                                                                                      SHA-256:CD42690C6B414E67EB2B578F111CADE274D0DE0C164F0F7442EBDD34BA02928D
                                                                                                      SHA-512:7D6DBE5249FA63C16D9FC8E1A9ECD3696D8256A47358CE802FE90E026D36601EE27F261692910955668421EA1A146C8FD1ACBC73CE4AC7F32E50C1D5A72B003D
                                                                                                      Malicious:true
                                                                                                      Antivirus:
                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                      Preview:MZKERNEL32.DLL..LoadLibraryA....GetProcAddress......BKwdwing@...PE..L......................%. ...n.......Y.......0....@..............................................@..........................Z\..(......."...................................................:\.......................................................Upack...................................rsrc...................................\\C.....".B...............................@..[C..\C..\C..\C..[C.|.........@.`[C.b[C..ZC...B.....V\C...B.T[C.................................8.......x...............(.......h.......D.J5............P.......D.J5............h....a...:..............D.J5....................D.J5................z...................D.J5............................D.J5................l...................D.J5................|...................D.J5............@.......D.J5............X...f...................D.J5....................D.J5....................t.............D.L.L...D.L.L.1...D.V.C.L.A.L...P.A.C.K.A.G.E.I.N.F.O...M.A.I.

                                                                                                      C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                      Category:dropped
                                                                                                      Size (bytes):162562
                                                                                                      Entropy (8bit):6.8174730651439175
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3072:ANe+aezUa6pBiE834fRZ5Nyf446dewltB2mNd/HOrveW1dex6:d+aezCpB2446d7T/H47
                                                                                                      MD5:CAB1F3E0F6426F4E398A318C4B8DC4F9
                                                                                                      SHA1:F3E45A699F63DA1AF0469067E0B391586EAD1FDC
                                                                                                      SHA-256:2610936B0E17333DE3BD0D37CB974FA088B486A9260DFFD0383C4239E51DE45A
                                                                                                      SHA-512:46BBB66D276907A76238A07A03FB932FA3CD86C53D7EF48AD62B8A4F8E475457F97A9DC79B122A5A60C35B3588CA92E284CC185D9D4F26C28DFF8CDC241DCACB
                                                                                                      Malicious:true
                                                                                                      Antivirus:
                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                      Preview:MZKERNEL32.DLL..LoadLibraryA....GetProcAddress......BKwdwing@...PE..L......................%. ...n.......Y.......0....@..............................................@..........................Z\..(......."...................................................:\.......................................................Upack...................................rsrc...................................\\C.....".B...............................@..[C..\C..\C..\C..[C.|.........@.`[C.b[C..ZC...B.....V\C...B.T[C.................................8.......x...............(.......h.......D.J5............P.......D.J5............h....a...:..............D.J5....................D.J5................z...................D.J5............................D.J5................l...................D.J5................|...................D.J5............@.......D.J5............X...f...................D.J5....................D.J5....................t.............D.L.L...D.L.L.1...D.V.C.L.A.L...P.A.C.K.A.G.E.I.N.F.O...M.A.I.

                                                                                                      C:\Program Files (x86)\Java\jre-1.8\bin\keytool.exe

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                      Category:dropped
                                                                                                      Size (bytes):63234
                                                                                                      Entropy (8bit):7.6033296219653685
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:1536:A+ge+Zk7qzUJBC2KsgSMcJziWsbmMf597mNNPxZT:ANe+aezUa6pBiWLc59qNhxZT
                                                                                                      MD5:8AF66193FAC26064970D7EE6DF3CEADF
                                                                                                      SHA1:76C89EEAB7F082BE105D7B1924FD84A0977B5820
                                                                                                      SHA-256:2B049D097D2BC6784D550C88355E095C186A184AE9A27FEBA7CE97CF72EA1664
                                                                                                      SHA-512:B997C5F7E4A663814D110B904B556165D4DDC0E0BB005E1F7F01C6D47833AD9BA37109A0E74080F856793C0DCE692B2BD1DF652FA2448BEAE00285AE82F7F8CC
                                                                                                      Malicious:true
                                                                                                      Antivirus:
                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                      Preview:MZKERNEL32.DLL..LoadLibraryA....GetProcAddress......BKwdwing@...PE..L......................%. ...n.......Y.......0....@..............................................@..........................Z\..(......."...................................................:\.......................................................Upack...................................rsrc...................................\\C.....".B...............................@..[C..\C..\C..\C..[C.|.........@.`[C.b[C..ZC...B.....V\C...B.T[C.................................8.......x...............(.......h.......D.J5............P.......D.J5............h....a...:..............D.J5....................D.J5................z...................D.J5............................D.J5................l...................D.J5................|...................D.J5............@.......D.J5............X...f...................D.J5....................D.J5....................t.............D.L.L...D.L.L.1...D.V.C.L.A.L...P.A.C.K.A.G.E.I.N.F.O...M.A.I.

                                                                                                      C:\Program Files (x86)\Java\jre-1.8\bin\kinit.exe

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                      Category:dropped
                                                                                                      Size (bytes):63234
                                                                                                      Entropy (8bit):7.6038095351046655
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:1536:A+ge+Zk7qzUJBC2KsgSMcJziMsbczUfl37YZVPxu:ANe+aezUa6pBiMTzUl3cZJxu
                                                                                                      MD5:80839E40E7209533F2411345096F90F6
                                                                                                      SHA1:FEDC79A98DACDA62060F4776942919F83E2594D8
                                                                                                      SHA-256:974C948C6F2AE18DD03A296DB19666EBE82BA120501AF15896F287079D7D5FA3
                                                                                                      SHA-512:7278B62060D503542840545497EDD43E88A16A9DF820D53C17C275811CB3FD13A981C673EC4E45F0C9192014A1C1EA7ABB2F7C37B06F1E23F7DF6DC23585CD0B
                                                                                                      Malicious:true
                                                                                                      Antivirus:
                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                      Preview:MZKERNEL32.DLL..LoadLibraryA....GetProcAddress......BKwdwing@...PE..L......................%. ...n.......Y.......0....@..............................................@..........................Z\..(......."...................................................:\.......................................................Upack...................................rsrc...................................\\C.....".B...............................@..[C..\C..\C..\C..[C.|.........@.`[C.b[C..ZC...B.....V\C...B.T[C.................................8.......x...............(.......h.......D.J5............P.......D.J5............h....a...:..............D.J5....................D.J5................z...................D.J5............................D.J5................l...................D.J5................|...................D.J5............@.......D.J5............X...f...................D.J5....................D.J5....................t.............D.L.L...D.L.L.1...D.V.C.L.A.L...P.A.C.K.A.G.E.I.N.F.O...M.A.I.

                                                                                                      C:\Program Files (x86)\Java\jre-1.8\bin\klist.exe

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                      Category:dropped
                                                                                                      Size (bytes):63234
                                                                                                      Entropy (8bit):7.604482632554659
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:1536:A+ge+Zk7qzUJBC2KsgSMcJziOsbcvxOflB72PxF:ANe+aezUa6pBiOTZGlB2xF
                                                                                                      MD5:419857496E0A1BB04C2AE4C9F24EFA9E
                                                                                                      SHA1:CB3AA358FD4F7022A9760B2BE49F59EBF9DAC578
                                                                                                      SHA-256:881F6EC91608813A8D555C276B75A81B00F913E0A069BCAEAC82A7527B015675
                                                                                                      SHA-512:8349216CDB36EAF8A56B4ABA07DEA3D6216701787CE215477D665EC9C86400EF525E6DF9C0DF02BF67E9D762FC6153C1EAB5902D1C0D55F970E160901F9364EC
                                                                                                      Malicious:true
                                                                                                      Antivirus:
                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                      Preview:MZKERNEL32.DLL..LoadLibraryA....GetProcAddress......BKwdwing@...PE..L......................%. ...n.......Y.......0....@..............................................@..........................Z\..(......."...................................................:\.......................................................Upack...................................rsrc...................................\\C.....".B...............................@..[C..\C..\C..\C..[C.|.........@.`[C.b[C..ZC...B.....V\C...B.T[C.................................8.......x...............(.......h.......D.J5............P.......D.J5............h....a...:..............D.J5....................D.J5................z...................D.J5............................D.J5................l...................D.J5................|...................D.J5............@.......D.J5............X...f...................D.J5....................D.J5....................t.............D.L.L...D.L.L.1...D.V.C.L.A.L...P.A.C.K.A.G.E.I.N.F.O...M.A.I.

                                                                                                      C:\Program Files (x86)\Java\jre-1.8\bin\ktab.exe

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                      Category:dropped
                                                                                                      Size (bytes):63234
                                                                                                      Entropy (8bit):7.603491654339958
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:1536:A+ge+Zk7qzUJBC2KsgSMcJziMcbUqGfm27U5Pxio:ANe+aezUa6pBiMzqum2gdxL
                                                                                                      MD5:674AEDD15695AA91915F6111FAC71DDF
                                                                                                      SHA1:DBEB81B48DDF3FC411A882B3E71CDDAAA855E02C
                                                                                                      SHA-256:8711FA52A25474050BDD0D0EC50FF2D61FA33734A3C805AFF899B6D8B1EE6007
                                                                                                      SHA-512:690D0CA3451185C262BBFEBFE426A3812DBE8075EA71D30AE8973648B69EF1B909EC1144F8C1E8742C421B94A5F6E4E2F4480EDBD070D91C8DF8E641EDDBA5CA
                                                                                                      Malicious:true
                                                                                                      Antivirus:
                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                      Preview:MZKERNEL32.DLL..LoadLibraryA....GetProcAddress......BKwdwing@...PE..L......................%. ...n.......Y.......0....@..............................................@..........................Z\..(......."...................................................:\.......................................................Upack...................................rsrc...................................\\C.....".B...............................@..[C..\C..\C..\C..[C.|.........@.`[C.b[C..ZC...B.....V\C...B.T[C.................................8.......x...............(.......h.......D.J5............P.......D.J5............h....a...:..............D.J5....................D.J5................z...................D.J5............................D.J5................l...................D.J5................|...................D.J5............@.......D.J5............X...f...................D.J5....................D.J5....................t.............D.L.L...D.L.L.1...D.V.C.L.A.L...P.A.C.K.A.G.E.I.N.F.O...M.A.I.

                                                                                                      C:\Program Files (x86)\Java\jre-1.8\bin\orbd.exe

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                      Category:dropped
                                                                                                      Size (bytes):63234
                                                                                                      Entropy (8bit):7.612746800376969
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:1536:A+ge+Zk7qzUJBC2KsgSMcJzi9sbLUqfmd79Px6N:ANe+aezUa6pBi95Smddx6N
                                                                                                      MD5:9646D199C68593B55E49588BA36C36DB
                                                                                                      SHA1:ABA2A97403EEFA3D3EF25EA79FF02E73254FC1F8
                                                                                                      SHA-256:76993DDE8F5460B6074506082D5BE415E5487377FA46A6B6B15B4A8905A3099E
                                                                                                      SHA-512:17E7F4D51F3E108EBB5D930CA295CC163D5B0CEDB41C26A197B6746DDA6D4204DB28E9CCC7663B265027CB331B4FBC8704594B9C0FD63F53E434A4A9C5A0C6A8
                                                                                                      Malicious:true
                                                                                                      Antivirus:
                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                      Preview:MZKERNEL32.DLL..LoadLibraryA....GetProcAddress......BKwdwing@...PE..L......................%. ...n.......Y.......0....@..............................................@..........................Z\..(......."...................................................:\.......................................................Upack...................................rsrc...................................\\C.....".B...............................@..[C..\C..\C..\C..[C.|.........@.`[C.b[C..ZC...B.....V\C...B.T[C.................................8.......x...............(.......h.......D.J5............P.......D.J5............h....a...:..............D.J5....................D.J5................z...................D.J5............................D.J5................l...................D.J5................|...................D.J5............@.......D.J5............X...f...................D.J5....................D.J5....................t.............D.L.L...D.L.L.1...D.V.C.L.A.L...P.A.C.K.A.G.E.I.N.F.O...M.A.I.

                                                                                                      C:\Program Files (x86)\Java\jre-1.8\bin\pack200.exe

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                      Category:dropped
                                                                                                      Size (bytes):63234
                                                                                                      Entropy (8bit):7.6036535043700475
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:1536:A+ge+Zk7qzUJBC2KsgSMcJziqsbYIf507YPxH:ANe+aezUa6pBiqp450UxH
                                                                                                      MD5:E16A851325282D20BFA96261DA9310CC
                                                                                                      SHA1:4B006DACD81C7E17CD5EB69FA6C49DACC68EABBC
                                                                                                      SHA-256:383D5DB0A15B57B2FDA7C94894D470D1EDB4F6B1DF5FCD6BF8D0436B5A30AA79
                                                                                                      SHA-512:2B9D6069237CD487FE2187DD8170145118EDCE224CA7D793BA199BEC1FC4BAAF15CD9C787F6868FFF40FEE463144719B129680357B0AD7BE23C60E58F72B26D9
                                                                                                      Malicious:true
                                                                                                      Antivirus:
                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                      Preview:MZKERNEL32.DLL..LoadLibraryA....GetProcAddress......BKwdwing@...PE..L......................%. ...n.......Y.......0....@..............................................@..........................Z\..(......."...................................................:\.......................................................Upack...................................rsrc...................................\\C.....".B...............................@..[C..\C..\C..\C..[C.|.........@.`[C.b[C..ZC...B.....V\C...B.T[C.................................8.......x...............(.......h.......D.J5............P.......D.J5............h....a...:..............D.J5....................D.J5................z...................D.J5............................D.J5................l...................D.J5................|...................D.J5............@.......D.J5............X...f...................D.J5....................D.J5....................t.............D.L.L...D.L.L.1...D.V.C.L.A.L...P.A.C.K.A.G.E.I.N.F.O...M.A.I.

                                                                                                      C:\Program Files (x86)\Java\jre-1.8\bin\plugin2\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Java\jre-1.8\bin\policytool.exe

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                      Category:dropped
                                                                                                      Size (bytes):63234
                                                                                                      Entropy (8bit):7.604056358757605
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:1536:A+ge+Zk7qzUJBC2KsgSMcJziNcbJif/B7KPxr6:ANe+aezUa6pBiN86/B6xr6
                                                                                                      MD5:DC563B3EEA860D69DAB78309AF3AE923
                                                                                                      SHA1:860C77F04EAC643D20AE573BED718A0FA93B9F56
                                                                                                      SHA-256:8A7F3A3BD1CA61D2024C30B332ED234997BB2ACF5E6D9A660F823CCC9D70449F
                                                                                                      SHA-512:8A67935A9B196076B73F6C1C4B8538A2F11787D45DF9E58164975D383364E10DB24C6F8EACE2C23758C215CC56B11975045BADCAA1E415FF9E4740FF4DF6778F
                                                                                                      Malicious:true
                                                                                                      Preview:MZKERNEL32.DLL..LoadLibraryA....GetProcAddress......BKwdwing@...PE..L......................%. ...n.......Y.......0....@..............................................@..........................Z\..(......."...................................................:\.......................................................Upack...................................rsrc...................................\\C.....".B...............................@..[C..\C..\C..\C..[C.|.........@.`[C.b[C..ZC...B.....V\C...B.T[C.................................8.......x...............(.......h.......D.J5............P.......D.J5............h....a...:..............D.J5....................D.J5................z...................D.J5............................D.J5................l...................D.J5................|...................D.J5............@.......D.J5............X...f...................D.J5....................D.J5....................t.............D.L.L...D.L.L.1...D.V.C.L.A.L...P.A.C.K.A.G.E.I.N.F.O...M.A.I.

                                                                                                      C:\Program Files (x86)\Java\jre-1.8\bin\rmid.exe

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                      Category:dropped
                                                                                                      Size (bytes):63234
                                                                                                      Entropy (8bit):7.603295203762055
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:1536:A+ge+Zk7qzUJBC2KsgSMcJziDcbj4fmPQ7rPxlh:ANe+aezUa6pBiDWImPQvxlh
                                                                                                      MD5:EA58EFC50686BE52EB6AAFBBCD61892B
                                                                                                      SHA1:C10C2E484344575704FAABF6A9023AB420E62E84
                                                                                                      SHA-256:2F6A7D73E9E55DEEEF0C2EB1A02FA67BC84DDB424417408E8F74AF8A0ECD81E0
                                                                                                      SHA-512:A904C5682A6A0721CF81AD2ECE499F8866ADCA3926C395A9DD9D0A93B580F604F2E6F2B6AFA69CE7A693A7EDE18D778D0A8E60C5D5E7567ADA3BCFD669CBA567
                                                                                                      Malicious:true
                                                                                                      Preview:MZKERNEL32.DLL..LoadLibraryA....GetProcAddress......BKwdwing@...PE..L......................%. ...n.......Y.......0....@..............................................@..........................Z\..(......."...................................................:\.......................................................Upack...................................rsrc...................................\\C.....".B...............................@..[C..\C..\C..\C..[C.|.........@.`[C.b[C..ZC...B.....V\C...B.T[C.................................8.......x...............(.......h.......D.J5............P.......D.J5............h....a...:..............D.J5....................D.J5................z...................D.J5............................D.J5................l...................D.J5................|...................D.J5............@.......D.J5............X...f...................D.J5....................D.J5....................t.............D.L.L...D.L.L.1...D.V.C.L.A.L...P.A.C.K.A.G.E.I.N.F.O...M.A.I.

                                                                                                      C:\Program Files (x86)\Java\jre-1.8\bin\rmiregistry.exe

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                      Category:dropped
                                                                                                      Size (bytes):63234
                                                                                                      Entropy (8bit):7.603220096146929
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:1536:A+ge+Zk7qzUJBC2KsgSMcJziVcbgifSs7oPxV7:ANe+aezUa6pBiV16SskxV7
                                                                                                      MD5:F5482E9131CAEB9A970BFC9ED18103A8
                                                                                                      SHA1:98018635DD7DE61E8D9CD1CE30CE7C770F6F7D66
                                                                                                      SHA-256:7AC97ABE32BBC871FFA6E596AA0C4DEE0B28C32D4268A1C3D20780CCDFFB1C65
                                                                                                      SHA-512:71B1CEDD5BF6F58A96CF29B2E7B3B8E25C064E7A5B987D4C5AC5AFD99884017DF0E5B9960F3D7E525685063391E74F61CFEC09B2E5B0FC3AFB830D6318E585F3
                                                                                                      Malicious:true
                                                                                                      Preview:MZKERNEL32.DLL..LoadLibraryA....GetProcAddress......BKwdwing@...PE..L......................%. ...n.......Y.......0....@..............................................@..........................Z\..(......."...................................................:\.......................................................Upack...................................rsrc...................................\\C.....".B...............................@..[C..\C..\C..\C..[C.|.........@.`[C.b[C..ZC...B.....V\C...B.T[C.................................8.......x...............(.......h.......D.J5............P.......D.J5............h....a...:..............D.J5....................D.J5................z...................D.J5............................D.J5................l...................D.J5................|...................D.J5............@.......D.J5............X...f...................D.J5....................D.J5....................t.............D.L.L...D.L.L.1...D.V.C.L.A.L...P.A.C.K.A.G.E.I.N.F.O...M.A.I.

                                                                                                      C:\Program Files (x86)\Java\jre-1.8\bin\servertool.exe

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                      Category:dropped
                                                                                                      Size (bytes):63234
                                                                                                      Entropy (8bit):7.60411058859013
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:1536:A+ge+Zk7qzUJBC2KsgSMcJzimcbFif/c7yPxl:ANe+aezUa6pBim06/c6xl
                                                                                                      MD5:413E54106839C7E19375992901D54717
                                                                                                      SHA1:68B734E6001DCFC21FC19608564CC7DF53101118
                                                                                                      SHA-256:6267FCF8BB1C86D31D45567628E702001B67FE28C99B574075982DC20DE03BE3
                                                                                                      SHA-512:B50DFA252B5AFA28736CD512993F204595891A9DC8BCE58B7FF65E839F2619E0BB2837B221CEB89A5572314C928754B2F8996F39019BE75C7A4C6E16F38CC7BA
                                                                                                      Malicious:true
                                                                                                      Preview:MZKERNEL32.DLL..LoadLibraryA....GetProcAddress......BKwdwing@...PE..L......................%. ...n.......Y.......0....@..............................................@..........................Z\..(......."...................................................:\.......................................................Upack...................................rsrc...................................\\C.....".B...............................@..[C..\C..\C..\C..[C.|.........@.`[C.b[C..ZC...B.....V\C...B.T[C.................................8.......x...............(.......h.......D.J5............P.......D.J5............h....a...:..............D.J5....................D.J5................z...................D.J5............................D.J5................l...................D.J5................|...................D.J5............@.......D.J5............X...f...................D.J5....................D.J5....................t.............D.L.L...D.L.L.1...D.V.C.L.A.L...P.A.C.K.A.G.E.I.N.F.O...M.A.I.

                                                                                                      C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                      Category:dropped
                                                                                                      Size (bytes):126210
                                                                                                      Entropy (8bit):6.751555109258374
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3072:ANe+aezUa6pBii8BszFJqkYUkEsqzy7pxE:d+aezCpBBFJqmsq2s
                                                                                                      MD5:AC55BCF16879AB77310FC90E21EA2642
                                                                                                      SHA1:874925C37C527A6EFF2E1AE8DB1D87C46A0FE4DE
                                                                                                      SHA-256:21A1AF5B90F8838EA5D3DD15BEE38D7D4C099EF869C07820BD685FE18754011C
                                                                                                      SHA-512:BAD1BFA0F58969F277E61348FD2A440980D126DCC3C20300A1300FD5B70C3B916B5440EB2D77694CD9BACF6EFBD61FC9EAEAF5E0BB81770BD2D3A58EEF426F09
                                                                                                      Malicious:true
                                                                                                      Preview:MZKERNEL32.DLL..LoadLibraryA....GetProcAddress......BKwdwing@...PE..L......................%. ...n.......Y.......0....@..............................................@..........................Z\..(......."...................................................:\.......................................................Upack...................................rsrc...................................\\C.....".B...............................@..[C..\C..\C..\C..[C.|.........@.`[C.b[C..ZC...B.....V\C...B.T[C.................................8.......x...............(.......h.......D.J5............P.......D.J5............h....a...:..............D.J5....................D.J5................z...................D.J5............................D.J5................l...................D.J5................|...................D.J5............@.......D.J5............X...f...................D.J5....................D.J5....................t.............D.L.L...D.L.L.1...D.V.C.L.A.L...P.A.C.K.A.G.E.I.N.F.O...M.A.I.

                                                                                                      C:\Program Files (x86)\Java\jre-1.8\bin\tnameserv.exe

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                      Category:dropped
                                                                                                      Size (bytes):63746
                                                                                                      Entropy (8bit):7.58000277768383
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:1536:A+ge+Zk7qzUJBC2KsgSMcJzivMb5o8fQG74PxU:ANe+aezUa6pBivXsQG0xU
                                                                                                      MD5:56A5358B6DFBD05A3F8488B0B20B0342
                                                                                                      SHA1:9D19491E55A7B94B813CD3258547C57FED570E6C
                                                                                                      SHA-256:67EF88B2AC741F725D6365CAC5F2970352D53F34ED3892E96C4A4DD760010B3C
                                                                                                      SHA-512:0B8476C6C6C14D4B191CBE8FFD45D839C6EAE0BF43065F818EF01F5BED208E976CDB43495AA7C43F92F770E4A28A2CAEA3ABA6B1BF7ABE1D56EAD70A892440E5
                                                                                                      Malicious:true
                                                                                                      Preview:MZKERNEL32.DLL..LoadLibraryA....GetProcAddress......BKwdwing@...PE..L......................%. ...n.......Y.......0....@..............................................@..........................Z\..(......."...................................................:\.......................................................Upack...................................rsrc...................................\\C.....".B...............................@..[C..\C..\C..\C..[C.|.........@.`[C.b[C..ZC...B.....V\C...B.T[C.................................8.......x...............(.......h.......D.J5............P.......D.J5............h....a...:..............D.J5....................D.J5................z...................D.J5............................D.J5................l...................D.J5................|...................D.J5............@.......D.J5............X...f...................D.J5....................D.J5....................t.............D.L.L...D.L.L.1...D.V.C.L.A.L...P.A.C.K.A.G.E.I.N.F.O...M.A.I.

                                                                                                      C:\Program Files (x86)\Java\jre-1.8\bin\unpack200.exe

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                      Category:dropped
                                                                                                      Size (bytes):222466
                                                                                                      Entropy (8bit):6.463675720131006
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:6144:d+aezCpBoJCXNwSyMZOy406qS2AroAxnw6fF:d+aUCXN7D5aqS2AroADF
                                                                                                      MD5:AD89B373D7F5445318608D8CC28C6EF3
                                                                                                      SHA1:07A96944B5DB49AEADB5F3DE8697E6E579BD270B
                                                                                                      SHA-256:2439F769B4A5B36956C24708F8E1B08CB06D49F62697F9BCE9B83D7BADE93706
                                                                                                      SHA-512:E588CAB8BA22A83FCF4AF4679391FC80E960A4D2D06029A74B6377DA10FFBCCB5F0562218F0D2761C9644855A4D08E4841BC909E512EB541EE9F0CF83E006AB3
                                                                                                      Malicious:true
                                                                                                      Preview:MZKERNEL32.DLL..LoadLibraryA....GetProcAddress......BKwdwing@...PE..L......................%. ...n.......Y.......0....@..............................................@..........................Z\..(......."...................................................:\.......................................................Upack...................................rsrc...................................\\C.....".B...............................@..[C..\C..\C..\C..[C.|.........@.`[C.b[C..ZC...B.....V\C...B.T[C.................................8.......x...............(.......h.......D.J5............P.......D.J5............h....a...:..............D.J5....................D.J5................z...................D.J5............................D.J5................l...................D.J5................|...................D.J5............@.......D.J5............X...f...................D.J5....................D.J5....................t.............D.L.L...D.L.L.1...D.V.C.L.A.L...P.A.C.K.A.G.E.I.N.F.O...M.A.I.

                                                                                                      C:\Program Files (x86)\Java\jre-1.8\legal\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Java\jre-1.8\legal\javafx\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\MSBuild\Microsoft\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\MSBuild\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\MSECache\OfficeKMS\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\MSECache\OfficeKMS\catalog\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\MSECache\OfficeKMS\win7\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\MSECache\OfficeKMS\win8\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\MSECache\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Microsoft Office\Updates\Apply\FilesInUse\BBF7ACC0-31FF-4C15-B05C-7341014DF78A\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Microsoft Office\Updates\Apply\FilesInUse\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Microsoft Office\Updates\Apply\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Microsoft Office\Updates\ConfigFolders\BBF7ACC0-31FF-4C15-B05C-7341014DF78A\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Microsoft Office\Updates\ConfigFolders\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Microsoft Office\Updates\Download\PackageFiles\BBF7ACC0-31FF-4C15-B05C-7341014DF78A\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Microsoft Office\Updates\Download\PackageFiles\BBF7ACC0-31FF-4C15-B05C-7341014DF78A\root\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Microsoft Office\Updates\Download\PackageFiles\BBF7ACC0-31FF-4C15-B05C-7341014DF78A\root\vfs\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Microsoft Office\Updates\Download\PackageFiles\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Microsoft Office\Updates\Download\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Microsoft Office\Updates\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\TRANSLAT\ENES\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\TRANSLAT\ENFR\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\TRANSLAT\ESEN\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\TRANSLAT\FREN\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\VBA6\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\VBA7.1\1033\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\VBA7.1\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Web Server Extensions\16\BIN\1033\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Web Server Extensions\16\BIN\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Web Server Extensions\16\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Web Server Extensions\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\ODBC\Data Sources\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\ODBC\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\1033\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\AppSharingHookController64.exe

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                      Category:dropped
                                                                                                      Size (bytes):107554
                                                                                                      Entropy (8bit):6.80719707478465
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:1536:A+ge+Zk7qzUJBC2KsgSMcJziUKyyJFGgHZ//rHzblweqz1lezmtJwzo9:ANe+aezUa6pBiByyJFD//HblqzXe0wO
                                                                                                      MD5:1B4CDCF833BC57D775142398F3C883C4
                                                                                                      SHA1:334043D41AF7FD2B63ED18DE96595A050D30C163
                                                                                                      SHA-256:4C78882EDECD9687C87007857BFA7C195FA4FE5AB5CF07F557AFCDAC85C8384F
                                                                                                      SHA-512:EB679F9FE487F20F6ED8D7651D76B384BF498349F544148AFB8AA0C1EC53235D463820FD08EE9E504C81C80F47D8D80174D8E5CA899016496AEBE9F995C1B294
                                                                                                      Malicious:true
                                                                                                      Preview:MZKERNEL32.DLL..LoadLibraryA....GetProcAddress......BKwdwing@...PE..L......................%. ...n.......Y.......0....@..............................................@..........................Z\..(......."...................................................:\.......................................................Upack...................................rsrc...................................\\C.....".B...............................@..[C..\C..\C..\C..[C.|.........@.`[C.b[C..ZC...B.....V\C...B.T[C.................................8.......x...............(.......h.......D.J5............P.......D.J5............h....a...:..............D.J5....................D.J5................z...................D.J5............................D.J5................l...................D.J5................|...................D.J5............@.......D.J5............X...f...................D.J5....................D.J5....................t.............D.L.L...D.L.L.1...D.V.C.L.A.L...P.A.C.K.A.G.E.I.N.F.O...M.A.I.

                                                                                                      C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\MSOHTMED.EXE

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                      Category:dropped
                                                                                                      Size (bytes):661706
                                                                                                      Entropy (8bit):6.1442647331544435
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:12288:d+af2rtz04po/FEVciSJJtH4PoR6moWEBfQLxZPhEx7xgtV2hv4tkYUK2tlIqR7c:dBfgB0zFEWi4JtH4PoRfoFIxZPk0NK
                                                                                                      MD5:735AAEE5FEF3F2EF19867A3D10C42329
                                                                                                      SHA1:A961E8A7AFA7D12FB44647A27F46234920038751
                                                                                                      SHA-256:276AC29B146E5D47DE980B2A5834304894C9E70C2C9816E13D22C821499BB77C
                                                                                                      SHA-512:08D32BF7A86C58F25FA0EDDF4D0C69871E5C50F619B7696DA0D087C90E1CB8C83128385249C37E54B4463E8B6897DA573204FE2F2FB2EDC8FD8C9BC922336C57
                                                                                                      Malicious:true
                                                                                                      Preview:MZKERNEL32.DLL..LoadLibraryA....GetProcAddress......BKwdwing@...PE..L......................%. ...n.......Y.......0....@..............................................@..........................Z\..(......."...................................................:\.......................................................Upack...................................rsrc...................................\\C.....".B...............................@..[C..\C..\C..\C..[C.|.........@.`[C.b[C..ZC...B.....V\C...B.T[C.................................8.......x...............(.......h.......D.J5............P.......D.J5............h....a...:..............D.J5....................D.J5................z...................D.J5............................D.J5................l...................D.J5................|...................D.J5............@.......D.J5............X...f...................D.J5....................D.J5....................t.............D.L.L...D.L.L.1...D.V.C.L.A.L...P.A.C.K.A.G.E.I.N.F.O...M.A.I.

                                                                                                      C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\OneNote\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Resources\1033\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Resources\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                      Category:dropped
                                                                                                      Size (bytes):259666
                                                                                                      Entropy (8bit):5.81438783529099
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3072:ANe+aezUa6pBiSTjzJEthEWv4ZAh7ULoQdHBjw8Q2pFj4+W1ISYpksZmRohnonRB:d+aezCpBZjGthEWvPfQdhMuj4VM8im
                                                                                                      MD5:CADEF61F644E88B7611DB83137643316
                                                                                                      SHA1:6A3DF2066B10D7630EFFB4E6475F5CDC8BF4BA77
                                                                                                      SHA-256:D3CB177E228B32B4C0C8B777AB86BC521DA0F521ADDD367002047DFC8FB290F5
                                                                                                      SHA-512:3FECE3F3744C595C88ABB3E9E21077AE3B30434D878245171C6DE65364D016F0883173CB5A9578B138D4C7EBA552710C3CFA5E9D8526C7A4A94F7F88004972B1
                                                                                                      Malicious:true
                                                                                                      Preview:MZKERNEL32.DLL..LoadLibraryA....GetProcAddress......BKwdwing@...PE..L......................%. ...n.......Y.......0....@..............................................@..........................Z\..(......."...................................................:\.......................................................Upack...................................rsrc...................................\\C.....".B...............................@..[C..\C..\C..\C..[C.|.........@.`[C.b[C..ZC...B.....V\C...B.T[C.................................8.......x...............(.......h.......D.J5............P.......D.J5............h....a...:..............D.J5....................D.J5................z...................D.J5............................D.J5................l...................D.J5................|...................D.J5............@.......D.J5............X...f...................D.J5....................D.J5....................t.............D.L.L...D.L.L.1...D.V.C.L.A.L...P.A.C.K.A.G.E.I.N.F.O...M.A.I.

                                                                                                      C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft.NET\ADOMD.NET\130\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft.NET\ADOMD.NET\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft.NET\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX86\Mozilla Firefox\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX86\Mozilla Firefox\plugins\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX86\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Microsoft Office\root\vreg\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Microsoft Office\root\vregwow6432\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Microsoft.NET\RedistList\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Microsoft.NET\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                      Category:dropped
                                                                                                      Size (bytes):143972
                                                                                                      Entropy (8bit):6.678241643047487
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3072:AKe+aezUa6pBirNRCywDw1DiJkuKUNRD5b0qZ7y4jem7y6tz:a+aezCpBiT4DteUjD5lZ7y4j95
                                                                                                      MD5:893146CF7E512B3E1EA4D075AA9818A3
                                                                                                      SHA1:59EF36D69679B591C87D8385374E8A658225CE0C
                                                                                                      SHA-256:49BE9836CC2150778E5C6BB1FF54420C1C5E0F0F8B45C360F39BC37E0E6C2A2C
                                                                                                      SHA-512:3271C724D70702B605B694C267DF25E2D6F7DEBE3F5940DCFACA3545534DC7CC62743B057F195CF35F75FA3903D2F4422FAB4EC29FE1E083C1172D38C4CA7418
                                                                                                      Malicious:true
                                                                                                      Preview:MZKERNEL32.DLL..LoadLibraryA....GetProcAddress......BKwdwing@...PE..L......................%. ...n.......Y.......0....@..............................................@..........................Z\..(......."...................................................:\.......................................................Upack...................................rsrc...................................\\C.....".B...............................@..[C..\C..\C..\C..[C.|.........@.`[C.b[C..ZC...B.....V\C...B.T[C.................................8.......x...............(.......h.......D.J5............P.......D.J5............h....a...:..............D.J5....................D.J5................z...................D.J5............................D.J5................l...................D.J5................|...................D.J5............@.......D.J5............X...f...................D.J5....................D.J5....................t.............D.L.L...D.L.L.1...D.V.C.L.A.L...P.A.C.K.A.G.E.I.N.F.O...M.A.I.

                                                                                                      C:\Program Files (x86)\Mozilla Maintenance Service\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Mozilla Maintenance Service\logs\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                      Category:dropped
                                                                                                      Size (bytes):279586
                                                                                                      Entropy (8bit):6.695213800191629
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:6144:d+aezCpBAf0OWPr2vXzrEbslNp/JNsJKQl0GkRAqVP:d+aWcDQXRVTZu0GP+P
                                                                                                      MD5:DC80EB5730E9B5C6E80055ED8639FF0A
                                                                                                      SHA1:8F22A3D17B069FD7AD01AF8FE98CEED4627D0DE4
                                                                                                      SHA-256:A4BB0B2B59360319CA61F6BF15812AA7DAD684D3522B95E9F25A7071ED4299D8
                                                                                                      SHA-512:614F596CEDA653AB74818455C9C2C4FCB5881C5A117A064EE6FDED85E4D58067DAAE9869753C1B07E86FD66DC084CA4FAE442D34B6BCA948262AC7F0D2C3AA45
                                                                                                      Malicious:true
                                                                                                      Preview:MZKERNEL32.DLL..LoadLibraryA....GetProcAddress......BKwdwing@...PE..L......................%. ...n.......Y.......0....@..............................................@..........................Z\..(......."...................................................:\.......................................................Upack...................................rsrc...................................\\C.....".B...............................@..[C..\C..\C..\C..[C.|.........@.`[C.b[C..ZC...B.....V\C...B.T[C.................................8.......x...............(.......h.......D.J5............P.......D.J5............h....a...:..............D.J5....................D.J5................z...................D.J5............................D.J5................l...................D.J5................|...................D.J5............@.......D.J5............X...f...................D.J5....................D.J5....................t.............D.L.L...D.L.L.1...D.V.C.L.A.L...P.A.C.K.A.G.E.I.N.F.O...M.A.I.

                                                                                                      C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\SubsetList\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\SubsetList\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Reference Assemblies\Microsoft\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Reference Assemblies\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Windows Defender\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Windows Defender\en-GB\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Windows Mail\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Windows Media Player\Media Renderer\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Windows Media Player\Network Sharing\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Windows Media Player\Skins\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Windows Media Player\Visualizations\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Windows Media Player\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Windows Media Player\en-GB\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Windows Media Player\en-US\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Windows Multimedia Platform\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Windows NT\Accessories\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Windows NT\Accessories\en-GB\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Windows NT\Accessories\en-US\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Windows NT\TableTextService\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Windows NT\TableTextService\en-US\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Windows NT\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Windows Photo Viewer\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Windows Photo Viewer\en-GB\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Windows Portable Devices\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Windows Sidebar\Gadgets\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\Windows Sidebar\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\WindowsPowerShell\Configuration\Registration\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\WindowsPowerShell\Configuration\Schema\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\WindowsPowerShell\Configuration\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Diagnostics\Comprehensive\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Diagnostics\Simple\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Diagnostics\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example1.Diagnostics\Diagnostics\Simple\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example1.Diagnostics\Diagnostics\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example1.Diagnostics\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example2.Diagnostics\1.0.1\Diagnostics\Simple\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example2.Diagnostics\1.0.1\Diagnostics\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example2.Diagnostics\1.0.1\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example2.Diagnostics\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example3.Diagnostics\1.1.1\Diagnostics\Simple\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example3.Diagnostics\1.1.1\Diagnostics\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example3.Diagnostics\1.1.1\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example3.Diagnostics\2.0.1\Diagnostics\Simple\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example3.Diagnostics\2.0.1\Diagnostics\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example3.Diagnostics\2.0.1\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example3.Diagnostics\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\en-GB\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\en-GB\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\en-US\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\en\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Examples\Calculator\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Examples\Validator\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Examples\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Functions\Assertions\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Functions\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Snippets\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\bin\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\en-US\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\en-US\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\WindowsPowerShell\Modules\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\WindowsPowerShell\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files (x86)\YBfZQnaKMxHSloksadrydsYOhPcinXflQRDWWqIbGzHvcGATL\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app-api\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app-api\dev\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\ro-ro\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\root\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\ru-ru\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\sk-sk\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\sl-si\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\sl-sl\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\sv-se\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\tr-tr\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\uk-ua\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\zh-cn\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\zh-tw\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\ar-ae\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\ca-es\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\cs-cz\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\da-dk\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\de-de\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\en-ae\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\en-gb\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\en-il\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\es-es\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\eu-es\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\fi-fi\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\fr-fr\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\fr-ma\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\he-il\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\hr-hr\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\hu-hu\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\it-it\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\ja-jp\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\ko-kr\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\nb-no\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\nl-nl\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\pl-pl\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\pt-br\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\ro-ro\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\root\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\ru-ru\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\sk-sk\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\sl-si\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\sl-sl\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\sv-se\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\tr-tr\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\uk-ua\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\zh-cn\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\zh-tw\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\ar-ae\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\ca-es\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\cs-cz\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\da-dk\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\de-de\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\en-ae\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\en-gb\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\en-il\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\es-es\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\eu-es\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\fi-fi\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\fr-fr\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\fr-ma\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\he-il\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\hr-hr\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\hu-hu\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\it-it\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\ja-jp\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\ko-kr\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\nb-no\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\nl-nl\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\pl-pl\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\pt-br\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\ro-ro\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\root\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\ru-ru\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\sk-sk\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\sl-si\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\sl-sl\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\sv-se\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\tr-tr\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\uk-ua\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\zh-cn\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\zh-tw\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\libs\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\libs\jquery.ui.touch-punch\0.2.2\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\libs\jquery.ui.touch-punch\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\libs\microsoftGraph\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\libs\require\2.1.15\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\libs\require\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\misc\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\css\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\images\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ar-ae\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ca-es\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\cs-cz\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\da-dk\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\de-de\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\en-ae\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\en-gb\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\en-il\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\es-es\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\eu-es\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fi-fi\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fr-fr\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fr-ma\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\he-il\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\hr-hr\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\hu-hu\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\it-it\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ja-jp\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ko-kr\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\nb-no\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\nl-nl\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\pl-pl\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\pt-br\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ro-ro\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\root\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ru-ru\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sk-sk\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sl-si\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sl-sl\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sv-se\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-recent-files-select\css\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-recent-files-select\js\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\oauthdialog\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\oauthdialog\css\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\oauthdialog\images\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\oauthdialog\images\themes\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\oauthdialog\images\themes\dark\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\oauthdialog\js\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\oauthdialog\js\nls\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\oauthdialog\js\nls\ar-ae\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\oauthdialog\js\nls\ca-es\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\oauthdialog\js\nls\cs-cz\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\oauthdialog\js\nls\da-dk\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\oauthdialog\js\nls\de-de\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\oauthdialog\js\nls\en-ae\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\oauthdialog\js\nls\en-gb\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\oauthdialog\js\nls\en-il\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\oauthdialog\js\nls\es-es\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\oauthdialog\js\nls\eu-es\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\oauthdialog\js\nls\fi-fi\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\oauthdialog\js\nls\fr-fr\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\oauthdialog\js\nls\fr-ma\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\oauthdialog\js\nls\he-il\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\oauthdialog\js\nls\hr-hr\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\oauthdialog\js\nls\hu-hu\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\oauthdialog\js\nls\it-it\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\oauthdialog\js\nls\ja-jp\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\oauthdialog\js\nls\ko-kr\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\oauthdialog\js\nls\nb-no\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\oauthdialog\js\nls\nl-nl\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\oauthdialog\js\nls\pl-pl\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\oauthdialog\js\nls\pt-br\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\oauthdialog\js\nls\ro-ro\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\oauthdialog\js\nls\root\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\oauthdialog\js\nls\ru-ru\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\oauthdialog\js\nls\sk-sk\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\oauthdialog\js\nls\sl-si\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\oauthdialog\js\nls\sl-sl\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\oauthdialog\js\nls\sv-se\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\oauthdialog\js\nls\tr-tr\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\oauthdialog\js\nls\uk-ua\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\oauthdialog\js\nls\zh-cn\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\oauthdialog\js\nls\zh-tw\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\css\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\images\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\images\themeless\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\ar-ae\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\ca-es\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\cs-cz\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\da-dk\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\de-de\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-ae\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-il\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\es-es\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\eu-es\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\fi-fi\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\fr-fr\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\fr-ma\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\he-il\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\hr-hr\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\hu-hu\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\it-it\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\ja-jp\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\ko-kr\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\nb-no\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\nl-nl\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\pl-pl\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\pt-br\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\ro-ro\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\root\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\ru-ru\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\sk-sk\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\sl-si\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\sl-sl\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\sv-se\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\tr-tr\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\uk-ua\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\zh-cn\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\zh-tw\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\css\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\images\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\cs-cz\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\da-dk\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\de-de\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\en-us\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\es-es\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\fi-fi\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\fr-fr\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\it-it\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\ja-jp\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\ko-kr\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\nb-no\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\pl-pl\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\pt-br\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\ru-ru\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\sv-se\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\tr-tr\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\zh-cn\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\zh-tw\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\images\themes\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\images\themes\dark\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\images\whats_new\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\images\whats_new\de-de\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\images\whats_new\en-us\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\images\whats_new\fr-fr\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\images\whats_new\ja-jp\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\images\whats_new\pt-br\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\js\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\ar-ae\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\ca-es\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\cs-cz\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\da-dk\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\de-de\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\en-ae\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\en-gb\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\en-il\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\es-es\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\eu-es\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\fi-fi\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\fr-fr\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\fr-ma\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\he-il\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\hr-hr\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\hu-hu\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\it-it\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\ja-jp\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\ko-kr\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\nb-no\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\nl-nl\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\pl-pl\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\pt-br\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\ro-ro\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\root\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\ru-ru\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\sk-sk\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\sl-si\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\sl-sl\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\sv-se\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\tr-tr\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\uk-ua\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\zh-cn\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\zh-tw\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\videos\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\videos\whats_new\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\videos\whats_new\de-de\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\videos\whats_new\en-us\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\videos\whats_new\fr-fr\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\videos\whats_new\ja-jp\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\videos\whats_new\pt-br\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\pages-app\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\pages-app\css\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\pages-app\images\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\pages-app\images\themes\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\pages-app\images\themes\dark\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\pages-app\js\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\pages-app\js\nls\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\pages-app\js\nls\ar-ae\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\pages-app\js\nls\ca-es\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\pages-app\js\nls\cs-cz\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\pages-app\js\nls\da-dk\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\pages-app\js\nls\de-de\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\pages-app\js\nls\en-ae\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\pages-app\js\nls\en-gb\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\pages-app\js\nls\en-il\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\pages-app\js\nls\es-es\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\pages-app\js\nls\eu-es\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\pages-app\js\nls\fi-fi\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\pages-app\js\nls\fr-fr\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\pages-app\js\nls\fr-ma\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\pages-app\js\nls\he-il\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\pages-app\js\nls\hr-hr\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\pages-app\js\nls\hu-hu\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\pages-app\js\nls\it-it\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\pages-app\js\nls\ja-jp\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\pages-app\js\nls\ko-kr\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\pages-app\js\nls\nb-no\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\pages-app\js\nls\nl-nl\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\pages-app\js\nls\pl-pl\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\pages-app\js\nls\pt-br\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\pages-app\js\nls\ro-ro\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\pages-app\js\nls\root\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\pages-app\js\nls\ru-ru\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\pages-app\js\nls\sk-sk\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\pages-app\js\nls\sl-si\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\pages-app\js\nls\sl-sl\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\pages-app\js\nls\sv-se\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\pages-app\js\nls\tr-tr\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\pages-app\js\nls\uk-ua\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\pages-app\js\nls\zh-cn\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\pages-app\js\nls\zh-tw\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\ProgramData\Adobe\ARM\Acrobat_23.006.20320\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\ProgramData\Adobe\ARM\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-0C0A92D435E5}\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\ProgramData\Adobe\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\ProgramData\Microsoft\AppV\Setup\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\ProgramData\Microsoft\AppV\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\ProgramData\Microsoft\ClickToRun\MachineData\Integration\ShortcutBackups\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\ProgramData\Microsoft\ClickToRun\MachineData\Integration\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\ProgramData\Microsoft\ClickToRun\MachineData\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\ProgramData\Microsoft\ClickToRun\ProductReleases\BBF7ACC0-31FF-4C15-B05C-7341014DF78A\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\ProgramData\Microsoft\ClickToRun\ProductReleases\BBF7ACC0-31FF-4C15-B05C-7341014DF78A\en-us.16\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\ProgramData\Microsoft\ClickToRun\ProductReleases\BBF7ACC0-31FF-4C15-B05C-7341014DF78A\x-none.16\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\ProgramData\Microsoft\ClickToRun\ProductReleases\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\ProgramData\Microsoft\ClickToRun\UserData\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\ProgramData\Microsoft\ClickToRun\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                      Category:dropped
                                                                                                      Size (bytes):4472682
                                                                                                      Entropy (8bit):6.590902720895029
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:98304:dLlkkCqyDEY7+o3OBvfGVY+40yajyS+9s/pLU:dZkkCqaE68eV+0y8E6LU
                                                                                                      MD5:2737E0FF3D77A391F33D51111DBE7463
                                                                                                      SHA1:2603A9E9EFC5075C2C618728684A9D6F86D333F4
                                                                                                      SHA-256:A581C19551DC1422DF7620445CF9E333405BD6D9D6B7B429B829C1D657043A8F
                                                                                                      SHA-512:87A49B0931CEC2CCDFBC1593323ED8D7FF5353C34D44A0E0300476AA3E565924F83BC98DDB002AE3FB4DE5B20FAA58910B01E133ABAE8380E44D6B0F3D38247F
                                                                                                      Malicious:true
                                                                                                      Preview:MZKERNEL32.DLL..LoadLibraryA....GetProcAddress......BKwdwing@...PE..L......................%. ...n.......Y.......0....@..............................................@..........................Z\..(......."...................................................:\.......................................................Upack...................................rsrc...................................\\C.....".B...............................@..[C..\C..\C..\C..[C.|.........@.`[C.b[C..ZC...B.....V\C...B.T[C.................................8.......x...............(.......h.......D.J5............P.......D.J5............h....a...:..............D.J5....................D.J5................z...................D.J5............................D.J5................l...................D.J5................|...................D.J5............@.......D.J5............X...f...................D.J5....................D.J5....................t.............D.L.L...D.L.L.1...D.V.C.L.A.L...P.A.C.K.A.G.E.I.N.F.O...M.A.I.

                                                                                                      C:\ProgramData\Microsoft\Crypto\DSS\MachineKeys\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\ProgramData\Microsoft\Crypto\DSS\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\ProgramData\Microsoft\Crypto\Keys\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\ProgramData\Microsoft\Crypto\PCPKSP\WindowsAIK\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\ProgramData\Microsoft\Crypto\PCPKSP\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\ProgramData\Microsoft\Crypto\RSA\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\ProgramData\Microsoft\Crypto\SystemKeys\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\ProgramData\Microsoft\Crypto\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\ProgramData\Microsoft\Device Stage\Device\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\ProgramData\Microsoft\Device Stage\Task\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-GB\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-GB\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\ProgramData\Microsoft\Device Stage\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\ProgramData\Microsoft\DeviceSync\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\ProgramData\Microsoft\Diagnosis\CustomTraceProfiles\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\ProgramData\Microsoft\Diagnosis\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\ProgramData\Microsoft\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\ProgramData\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\ProgramData\dbg\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\Public\Desktop\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\Public\Documents\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\Public\Music\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\Public\Pictures\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\Public\Videos\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\VideoDecodeStats\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cookie\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\LocalLow\Adobe\Linguistics\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\EdpDomStore\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\EmieSiteList\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\EmieUserList\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\IEFlipAheadCache\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\LocalLow\Microsoft\RMSLocalStorage\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\LocalLow\Microsoft\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-CH\00016DC8\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Microsoft\Media Player\Sync Playlists\en-CH\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Microsoft\Media Player\Transcoded Files Cache\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\DTS\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\DTS\en-CH{F646D30C-89E6-4F59-BFAD-C1526B68776D}\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\Floodgate\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\Personalization\Content\Anonymous\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\Personalization\Content\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\Personalization\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\odc.officeapps.live.com\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\Wef\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\Features\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\OTele\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\SDX\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Microsoft\Office\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Microsoft\OneDrive\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Microsoft\OneDrive\logs\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.dat

                                                                                                      Download File
                                                                                                      Process:C:\Windows\explorer.exe
                                                                                                      File Type:JSON data
                                                                                                      Category:dropped
                                                                                                      Size (bytes):1022
                                                                                                      Entropy (8bit):5.252542495586483
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:24:YqHZ6T06Mhm50mMb0O0bihm5TmM6CUXyhm5+dmMbxdB6hm5CUmMz0Jahm5gmMbNS:YqHZ6T06McbMb0O0bicMMDUXycRMbxdy
                                                                                                      MD5:2F99BED9FF8C41AFEE96B028ED8B86A2
                                                                                                      SHA1:BF4E91361EE28C5506E812F2BF8C3495676097B0
                                                                                                      SHA-256:F4C2EB86983ED94B60DD5041C9DDCCC2E06C9F4DD810A8D90FBCCAE82620741C
                                                                                                      SHA-512:834B9B236AF231632E106CAE3E2F22EF09B2445E64536C7FF0F2F61BC240AFA84BB66093135B317A227B3E2D9BBCAA1EDFE65F87483CB3C12F67C3E80E5A436C
                                                                                                      Malicious:false
                                                                                                      Preview:{"RecentItems":[{"AppID":"Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge","PenUsageSec":15,"LastSwitchedLowPart":2357654912,"LastSwitchedHighPart":31061703,"PrePopulated":true},{"AppID":"Microsoft.WindowsCommunicationsApps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail","PenUsageSec":15,"LastSwitchedLowPart":2347654912,"LastSwitchedHighPart":31061703,"PrePopulated":true},{"AppID":"Microsoft.Office.OneNote_8wekyb3d8bbwe!microsoft.onenoteim","PenUsageSec":15,"LastSwitchedLowPart":2337654912,"LastSwitchedHighPart":31061703,"PrePopulated":true},{"AppID":"Microsoft.Windows.Photos_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":2327654912,"LastSwitchedHighPart":31061703,"PrePopulated":true},{"AppID":"Microsoft.MSPaint_8wekyb3d8bbwe!Microsoft.MSPaint","PenUsageSec":15,"LastSwitchedLowPart":2317654912,"LastSwitchedHighPart":31061703,"PrePopulated":true},{"AppID":"Microsoft.WindowsMaps_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":2307654912,"LastSwitchedHighPart":31061703,

                                                                                                      C:\Users\user\AppData\Local\Microsoft\PenWorkspace\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Microsoft\PlayReady\Internet Explorer\Desktop\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Microsoft\PlayReady\Internet Explorer\InPrivate\Desktop\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Microsoft\PlayReady\Internet Explorer\InPrivate\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Microsoft\PlayReady\Internet Explorer\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Microsoft\PlayReady\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Microsoft\RMSLocalStorage\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Microsoft\TokenBroker\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Microsoft\Vault\UserProfileRoaming\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Microsoft\Vault\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows Sidebar\Gadgets\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows Sidebar\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Microsoft\WindowsApps\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Microsoft\WindowsApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Microsoft\WindowsApps\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000014.db

                                                                                                      Download File
                                                                                                      Process:C:\Windows\explorer.exe
                                                                                                      File Type:DIY-Thermocam raw data (Lepton 3.x), scale -1--1, spot sensor temperature -nan, unit celsius, color scheme 0, calibration: offset -170141183460469231731687303715884105728.000000, slope 0.000488
                                                                                                      Category:dropped
                                                                                                      Size (bytes):103728
                                                                                                      Entropy (8bit):4.025305565047329
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:768:hlIdkOGVnu7jjk0Vlw/bz/mENkLsrvjwrLVPALKR1vIyEwdEmbypG3eDrh0ioGYm:6kNnmw/bz/mR+rh0ioGYnPsFkKQWP3J
                                                                                                      MD5:32875A3C62708A1329FECDA0AACCAD22
                                                                                                      SHA1:81B29A8ABAF5268488E412ACE415CA202A17E8B7
                                                                                                      SHA-256:074529EC1D61626DCE786538DFC740405589758F4C593714FC9423D1E5FC97E3
                                                                                                      SHA-512:CE6C09E7CB0A38ED320CF901FB0DB7501C36327478A58045391CD19A3445868FC09DA25DFABA377F70374795965230B536C58E19477C0FDA5843ABF0E2E5D0E0
                                                                                                      Malicious:false
                                                                                                      Preview:....h... ...0...........P...............X...`...]...........0..........V.......e.n.-.C.H.;.e.n.-.G.B..............................P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....T.1...........user..>............................................a.l.f.o.n.s.....V.1...........AppData.@............................................A.p.p.D.a.t.a.....V.1...........Roaming.@............................................R.o.a.m.i.n.g.....\.1...........Microsoft.D............................................M.i.c.r.o.s.o.f.t.....V.1...........Windows.@............................................W.i.n.d.o.w.s.....`.1...........Start Menu..F............................................S.t.a.r.t. .M.e.n.u......................(..........P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....T.1...........user..>...........................................

                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000015.db

                                                                                                      Download File
                                                                                                      Process:C:\Windows\explorer.exe
                                                                                                      File Type:data
                                                                                                      Category:dropped
                                                                                                      Size (bytes):105192
                                                                                                      Entropy (8bit):4.0144124161290895
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:768:OlaxkZG+bQ+C4ljk0c+GN/dQjXNcLirrj7m+5BP7RIpR1voqRZSmmZypr3AwghQH:5kjQRN/dQjzcghQi+G+n0BFEKoqHR8
                                                                                                      MD5:88B04BAE164E232C8E24E7F5B076FEEC
                                                                                                      SHA1:8912ACBC98ABC707E553527BC3940693D059493A
                                                                                                      SHA-256:59806470997545E9DC0DE7635FC0EE3172467763A70EC1BD9F2B6C6DDA06F233
                                                                                                      SHA-512:7B503FBE640D32A44A375AC19979564BA8B358332563CA4ACA4F5EED16E4746F292A51C0D97DAF88AE14D5542E4AD261C17299DFE124D2D60DE1EAE666F81F7A
                                                                                                      Malicious:false
                                                                                                      Preview:....h... ..............P...............X.......]...H..................V.......e.n.-.C.H.;.e.n.-.G.B...............h..............P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....T.1...........user..>............................................a.l.f.o.n.s.....V.1...........AppData.@............................................A.p.p.D.a.t.a.....V.1...........Roaming.@............................................R.o.a.m.i.n.g.....\.1...........Microsoft.D............................................M.i.c.r.o.s.o.f.t.....V.1...........Windows.@............................................W.i.n.d.o.w.s.....`.1...........Start Menu..F............................................S.t.a.r.t. .M.e.n.u......................(..........P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....T.1...........user..>...........................................

                                                                                                      C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cache2\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cache2\doomed\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cache2\entries\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cache2\trash4675\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\safebrowsing\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\safebrowsing\google4\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\settings\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\settings\main\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\settings\main\ms-language-packs\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\settings\main\ms-language-packs\browser\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\settings\main\ms-language-packs\browser\newtab\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\startupCache\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release\thumbnails\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\yiaxs5ej.default\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Mozilla\Firefox\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Mozilla\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\AC\INetCache\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\AC\INetCookies\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\AC\INetHistory\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\AC\Temp\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\AC\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\AppData\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\LocalCache\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\LocalState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\RoamingState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\Settings\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\SystemAppData\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\TempState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\ActiveSync\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\AC\INetCache\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\AC\INetCookies\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\AC\INetHistory\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\AC\Temp\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\AC\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\AppData\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\LocalCache\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\LocalState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\RoamingState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\Settings\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\SystemAppData\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\TempState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\AC\INetCache\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\AC\INetCookies\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\AC\INetHistory\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\AC\Temp\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\AC\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\AppData\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\LocalCache\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\LocalState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\RoamingState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\Settings\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\SystemAppData\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\TempState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.549981C3F5F10_8wekyb3d8bbwe\AC\INetCache\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.549981C3F5F10_8wekyb3d8bbwe\AC\INetCookies\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.549981C3F5F10_8wekyb3d8bbwe\AC\INetHistory\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.549981C3F5F10_8wekyb3d8bbwe\AC\Temp\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.549981C3F5F10_8wekyb3d8bbwe\AC\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.549981C3F5F10_8wekyb3d8bbwe\AppData\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.549981C3F5F10_8wekyb3d8bbwe\LocalCache\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.549981C3F5F10_8wekyb3d8bbwe\LocalState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.549981C3F5F10_8wekyb3d8bbwe\RoamingState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.549981C3F5F10_8wekyb3d8bbwe\Settings\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.549981C3F5F10_8wekyb3d8bbwe\SystemAppData\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.549981C3F5F10_8wekyb3d8bbwe\TempState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.549981C3F5F10_8wekyb3d8bbwe\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AC\INetCache\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AC\INetCookies\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AC\INetHistory\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AC\Temp\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AC\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AppData\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\LocalCache\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\LocalState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\RoamingState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\SystemAppData\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\TempState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\AC\INetCache\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\AC\INetCookies\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\AC\INetHistory\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\AC\Temp\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\AC\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\AppData\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\LocalCache\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\LocalState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\RoamingState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\SystemAppData\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\TempState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Advertising.Xaml_8wekyb3d8bbwe\AC\INetCache\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Advertising.Xaml_8wekyb3d8bbwe\AC\INetCookies\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Advertising.Xaml_8wekyb3d8bbwe\AC\INetHistory\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Advertising.Xaml_8wekyb3d8bbwe\AC\Temp\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Advertising.Xaml_8wekyb3d8bbwe\AC\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Advertising.Xaml_8wekyb3d8bbwe\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\AC\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\AC\INetCache\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\AC\INetCookies\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\AC\INetHistory\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\AC\Temp\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\AppData\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\LocalCache\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\LocalState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\RoamingState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\SystemAppData\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\TempState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.ScreenSketch_8wekyb3d8bbwe\AC\INetCache\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.ScreenSketch_8wekyb3d8bbwe\AC\INetCookies\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.ScreenSketch_8wekyb3d8bbwe\AC\INetHistory\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.ScreenSketch_8wekyb3d8bbwe\AC\Temp\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.ScreenSketch_8wekyb3d8bbwe\AC\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.ScreenSketch_8wekyb3d8bbwe\AppData\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.ScreenSketch_8wekyb3d8bbwe\LocalCache\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.ScreenSketch_8wekyb3d8bbwe\LocalState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.ScreenSketch_8wekyb3d8bbwe\RoamingState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.ScreenSketch_8wekyb3d8bbwe\Settings\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.ScreenSketch_8wekyb3d8bbwe\SystemAppData\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.ScreenSketch_8wekyb3d8bbwe\TempState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.ScreenSketch_8wekyb3d8bbwe\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\AC\INetCache\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\AC\INetCookies\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\AC\INetHistory\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\AC\Temp\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\AC\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.StorePurchaseApp_8wekyb3d8bbwe\AC\INetCache\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.StorePurchaseApp_8wekyb3d8bbwe\AC\INetCookies\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.StorePurchaseApp_8wekyb3d8bbwe\AC\INetHistory\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.StorePurchaseApp_8wekyb3d8bbwe\AC\Temp\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.StorePurchaseApp_8wekyb3d8bbwe\AC\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.StorePurchaseApp_8wekyb3d8bbwe\AppData\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.StorePurchaseApp_8wekyb3d8bbwe\LocalCache\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.StorePurchaseApp_8wekyb3d8bbwe\LocalState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.StorePurchaseApp_8wekyb3d8bbwe\RoamingState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.StorePurchaseApp_8wekyb3d8bbwe\Settings\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.StorePurchaseApp_8wekyb3d8bbwe\SystemAppData\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.StorePurchaseApp_8wekyb3d8bbwe\TempState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.StorePurchaseApp_8wekyb3d8bbwe\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.UI.Xaml.2.0_8wekyb3d8bbwe\AC\INetCache\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.UI.Xaml.2.0_8wekyb3d8bbwe\AC\INetCookies\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.UI.Xaml.2.0_8wekyb3d8bbwe\AC\INetHistory\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.UI.Xaml.2.0_8wekyb3d8bbwe\AC\Temp\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.UI.Xaml.2.0_8wekyb3d8bbwe\AC\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.UI.Xaml.2.0_8wekyb3d8bbwe\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.VCLibs.140.00.UWPDesktop_8wekyb3d8bbwe\AC\INetCache\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.VCLibs.140.00.UWPDesktop_8wekyb3d8bbwe\AC\INetCookies\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.VCLibs.140.00.UWPDesktop_8wekyb3d8bbwe\AC\INetHistory\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.VCLibs.140.00.UWPDesktop_8wekyb3d8bbwe\AC\Temp\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.VCLibs.140.00.UWPDesktop_8wekyb3d8bbwe\AC\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.VCLibs.140.00.UWPDesktop_8wekyb3d8bbwe\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\AC\INetCache\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\AC\INetCookies\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\AC\INetHistory\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\AC\Temp\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\AC\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.VP9VideoExtensions_8wekyb3d8bbwe\AC\INetCache\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.VP9VideoExtensions_8wekyb3d8bbwe\AC\INetCookies\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.VP9VideoExtensions_8wekyb3d8bbwe\AC\INetHistory\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.VP9VideoExtensions_8wekyb3d8bbwe\AC\Temp\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.VP9VideoExtensions_8wekyb3d8bbwe\AC\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.VP9VideoExtensions_8wekyb3d8bbwe\AppData\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.VP9VideoExtensions_8wekyb3d8bbwe\LocalCache\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.VP9VideoExtensions_8wekyb3d8bbwe\LocalState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.VP9VideoExtensions_8wekyb3d8bbwe\RoamingState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.VP9VideoExtensions_8wekyb3d8bbwe\Settings\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.VP9VideoExtensions_8wekyb3d8bbwe\SystemAppData\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.VP9VideoExtensions_8wekyb3d8bbwe\TempState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.VP9VideoExtensions_8wekyb3d8bbwe\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\AC\INetCache\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\AC\INetCookies\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\AC\INetHistory\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\AC\Temp\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\AC\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\AppData\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\LocalCache\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\LocalState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\RoamingState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\Settings\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\SystemAppData\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\TempState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\AC\INetCache\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\AC\INetCookies\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\AC\INetHistory\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\AC\Temp\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\AC\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\AppData\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\LocalCache\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\LocalState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\RoamingState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\Settings\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\SystemAppData\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\TempState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.WebpImageExtension_8wekyb3d8bbwe\AC\INetCache\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.WebpImageExtension_8wekyb3d8bbwe\AC\INetCookies\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.WebpImageExtension_8wekyb3d8bbwe\AC\INetHistory\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.WebpImageExtension_8wekyb3d8bbwe\AC\Temp\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.WebpImageExtension_8wekyb3d8bbwe\AC\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.WebpImageExtension_8wekyb3d8bbwe\AppData\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.WebpImageExtension_8wekyb3d8bbwe\LocalCache\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.WebpImageExtension_8wekyb3d8bbwe\LocalState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.WebpImageExtension_8wekyb3d8bbwe\RoamingState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.WebpImageExtension_8wekyb3d8bbwe\Settings\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.WebpImageExtension_8wekyb3d8bbwe\SystemAppData\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.WebpImageExtension_8wekyb3d8bbwe\TempState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.WebpImageExtension_8wekyb3d8bbwe\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Win32WebViewHost_cw5n1h2txyewy\AC\INetCache\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Win32WebViewHost_cw5n1h2txyewy\AC\INetCookies\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Win32WebViewHost_cw5n1h2txyewy\AC\INetHistory\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Win32WebViewHost_cw5n1h2txyewy\AC\Temp\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Win32WebViewHost_cw5n1h2txyewy\AC\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Win32WebViewHost_cw5n1h2txyewy\AppData\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Win32WebViewHost_cw5n1h2txyewy\LocalCache\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Win32WebViewHost_cw5n1h2txyewy\LocalState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Win32WebViewHost_cw5n1h2txyewy\RoamingState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Win32WebViewHost_cw5n1h2txyewy\Settings\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Win32WebViewHost_cw5n1h2txyewy\SystemAppData\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Win32WebViewHost_cw5n1h2txyewy\TempState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Win32WebViewHost_cw5n1h2txyewy\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\AC\INetCache\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\AC\INetCookies\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\AC\INetHistory\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\AC\Temp\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\AC\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\AppData\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\LocalCache\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\LocalState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\RoamingState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\Settings\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\SystemAppData\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\TempState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\AC\INetCache\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\AC\INetCookies\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\AC\INetHistory\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\AC\Temp\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\AC\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\AppData\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\LocalCache\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\LocalState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\RoamingState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\SystemAppData\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\TempState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\AC\INetCache\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\AC\INetCookies\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\AC\INetHistory\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\AC\Temp\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\AC\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\AppData\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\LocalCache\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\LocalState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\RoamingState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\Settings\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\SystemAppData\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\TempState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\AC\INetCache\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\AC\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\AppData\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\LocalCache\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\LocalState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\RoamingState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\Settings\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\SystemAppData\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\TempState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\adobe.acrobatreaderdc.protectedmode\AC\INetCache\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\adobe.acrobatreaderdc.protectedmode\AC\INetCookies\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\adobe.acrobatreaderdc.protectedmode\AC\INetHistory\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\adobe.acrobatreaderdc.protectedmode\AC\Temp\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\adobe.acrobatreaderdc.protectedmode\AC\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\adobe.acrobatreaderdc.protectedmode\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\AC\INetCache\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\AC\INetCookies\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\AC\INetHistory\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\AC\Temp\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\AC\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\AppData\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\LocalCache\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\LocalState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\RoamingState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\Settings\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\SystemAppData\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\TempState\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Collab\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Forms\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Roaming\Adobe\Acrobat\Preflight Acrobat Continuous\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Roaming\Adobe\Acrobat\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Roaming\Adobe\CRLogs\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Roaming\Adobe\CRLogs\crashlogs\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Roaming\Adobe\Flash Player\NativeCache\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Roaming\Adobe\Flash Player\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Roaming\Adobe\Headlights\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Roaming\Adobe\Linguistics\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Roaming\Adobe\LogTransport2CC\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Roaming\Adobe\LogTransport2\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Roaming\Adobe\RTTransfer\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Roaming\Adobe\Sonar\SonarCC\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Roaming\Adobe\Sonar\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Roaming\Adobe\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Users\user\AppData\Roaming\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      C:\Windows\Dll.dll

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, Petite compressed
                                                                                                      Category:dropped
                                                                                                      Size (bytes):15049
                                                                                                      Entropy (8bit):7.356500837518643
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:192:nP//qhTXyWiP1J7iiK+iNRHtUDe0yjeoDVMcaaFnE696fKzAa6h1nrQunIYLCQ:PSbUP3xKXt3ee4OACQ
                                                                                                      MD5:8768C92C1E01B466D860862B780B6AE7
                                                                                                      SHA1:150A7F4BCC80982643D2EDFC745BC71C6AE2F8EB
                                                                                                      SHA-256:F578FBFF6C4E6C3A471AD9649BB7C5325D263F29A43D6A31E0CF3B675CB3417E
                                                                                                      SHA-512:CC2FAC94A8B285F2FFAE16A1B46A3AC4ED0EB0AF18EEA373D4559F75FAF66B1D362F47F3BE32AA17848488A859D12B476949275B9B0F538A087490918D6100CA
                                                                                                      Malicious:true
                                                                                                      Antivirus:
                                                                                                      • Antivirus: ReversingLabs, Detection: 87%
                                                                                                      Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.................s..........F........p....@.........................................................................................................t<.......................................................................................petite..p..........................`.................................................... ..........................@....rsrc................6..............@.......................................`...........................................................................................................................................................................................................................................................................................................

                                                                                                      C:\Windows\rundl132.exe

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                      Category:dropped
                                                                                                      Size (bytes):40578
                                                                                                      Entropy (8bit):7.856935698661895
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:768:A9ffDAAAbXAQJtw6jgO5RroZJ76739AzUJQ+CiiK1Cy6sgSq1cJpZ/i3:A+ge+Zk7qzUJBC2KsgSMcJzi
                                                                                                      MD5:0EAC667CBCE1C13116B0A40908D8695F
                                                                                                      SHA1:E1212710726EDD46307071C651FBAA8847B6C6A1
                                                                                                      SHA-256:02C2D998D15695F75EE2768A4FC0CBC30898EF772AE081518D1FC78B5E1DECBB
                                                                                                      SHA-512:4E44200BECF7F430AAEF57F8ACAB87E5C1E9592084CA13D9FE629EBF340E39EDCB5751DC3409C8B5960D4A3761F3E77056E15B9C2DF0EEB5632B1FC7165C6867
                                                                                                      Malicious:true
                                                                                                      Antivirus:
                                                                                                      • Antivirus: ReversingLabs, Detection: 97%
                                                                                                      Preview:MZKERNEL32.DLL..LoadLibraryA....GetProcAddress......BKwdwing@...PE..L......................%. ...n.......Y.......0....@..............................................@..........................Z\..(......."...................................................:\.......................................................Upack...................................rsrc...................................\\C.....".B...............................@..[C..\C..\C..\C..[C.|.........@.`[C.b[C..ZC...B.....V\C...B.T[C.................................8.......x...............(.......h.......D.J5............P.......D.J5............h....a...:..............D.J5....................D.J5................z...................D.J5............................D.J5................l...................D.J5................|...................D.J5............@.......D.J5............X...f...................D.J5....................D.J5....................t.............D.L.L...D.L.L.1...D.V.C.L.A.L...P.A.C.K.A.G.E.I.N.F.O...M.A.I.

                                                                                                      C:\_desktop.ini

                                                                                                      Download File
                                                                                                      Process:C:\Users\user\Desktop\1.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):9
                                                                                                      Entropy (8bit):1.8910611120726526
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:tRRBn:tB
                                                                                                      MD5:F29B71F66AC42A28A8D1E12A13D61861
                                                                                                      SHA1:BD61FBC8B6EED4CAE3FA29D7B950784258BE10CD
                                                                                                      SHA-256:9A5E4FF44F8F5BB21798074EA03E493911B59680E37191522562DECE826DA1CF
                                                                                                      SHA-512:90C31CDA60A9A63E3FA78E99F1104D1A9C9F811E11B62F75063B6007AE284C8C233B5D1235DEFAB7AE0DEEC3B7892C85AF9319219405C44D16FA29A3215F50E0
                                                                                                      Malicious:false
                                                                                                      Preview:2024/4/24

                                                                                                      Static File Info

                                                                                                      General

                                                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                      Entropy (8bit):7.856935698661895
                                                                                                      TrID:
                                                                                                      • Win32 Executable (generic) a (10002005/4) 99.98%
                                                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                                                      File name:1.exe
                                                                                                      File size:40'578 bytes
                                                                                                      MD5:0eac667cbce1c13116b0a40908d8695f
                                                                                                      SHA1:e1212710726edd46307071c651fbaa8847b6c6a1
                                                                                                      SHA256:02c2d998d15695f75ee2768a4fc0cbc30898ef772ae081518d1fc78b5e1decbb
                                                                                                      SHA512:4e44200becf7f430aaef57f8acab87e5c1e9592084ca13d9fe629ebf340e39edcb5751dc3409c8b5960d4a3761f3e77056e15b9c2df0eeb5632b1fc7165c6867
                                                                                                      SSDEEP:768:A9ffDAAAbXAQJtw6jgO5RroZJ76739AzUJQ+CiiK1Cy6sgSq1cJpZ/i3:A+ge+Zk7qzUJBC2KsgSMcJzi
                                                                                                      TLSH:1903F187BBA16D0BC4CE99BCC4630EB3B9A6D46B15220D3170E3330D2D65261FE54AED
                                                                                                      File Content Preview:MZKERNEL32.DLL..LoadLibraryA....GetProcAddress......BKwdwing@...PE..L......................%. ...n.......Y.......0....@..............................................@..........................Z\..(......."..................................................

                                                                                                      File Icon

                                                                                                      Icon Hash:1b1d1b1abf97976b

                                                                                                      Static PE Info

                                                                                                      General

                                                                                                      Entrypoint:0x4359ed
                                                                                                      Entrypoint Section:.rsrc
                                                                                                      Digitally signed:false
                                                                                                      Imagebase:0x400000
                                                                                                      Subsystem:windows gui
                                                                                                      Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                      DLL Characteristics:
                                                                                                      Time Stamp:0x0 [Thu Jan 1 00:00:00 1970 UTC]
                                                                                                      TLS Callbacks:
                                                                                                      CLR (.Net) Version:
                                                                                                      OS Version Major:4
                                                                                                      OS Version Minor:0
                                                                                                      File Version Major:4
                                                                                                      File Version Minor:0
                                                                                                      Subsystem Version Major:4
                                                                                                      Subsystem Version Minor:0
                                                                                                      Import Hash:87bed5a7cba00c7e1f4015f1bdae2183

                                                                                                      Entrypoint Preview

                                                                                                      Instruction
                                                                                                      mov esi, 00400188h
                                                                                                      lodsd
                                                                                                      mov edi, eax
                                                                                                      xchg eax, ebp
                                                                                                      lodsd
                                                                                                      xchg eax, ecx
                                                                                                      rep movsd
                                                                                                      lodsd
                                                                                                      mov ch, 1Ch
                                                                                                      rep stosd
                                                                                                      lodsd
                                                                                                      push eax
                                                                                                      xchg eax, edi
                                                                                                      push ecx
                                                                                                      pop eax
                                                                                                      lea edx, dword ptr [ebp+eax*4+5Ch]
                                                                                                      call dword ptr [esi]
                                                                                                      jc 00007F9864C5F029h
                                                                                                      sub al, 03h
                                                                                                      jnc 00007F9864C5EFD4h
                                                                                                      mov al, 00h
                                                                                                      cmp al, 07h
                                                                                                      jc 00007F9864C5EFD4h
                                                                                                      sub al, 03h
                                                                                                      push eax
                                                                                                      movzx ebx, byte ptr [edi-01h]
                                                                                                      shl ebx, 03h
                                                                                                      mov bl, 00h
                                                                                                      lea ebx, dword ptr [ebx+ebx*2]
                                                                                                      lea ebx, dword ptr [ebp+ebx*4+0000100Ch]
                                                                                                      mov al, 01h
                                                                                                      jecxz 00007F9864C5EFFBh
                                                                                                      mov edx, edi
                                                                                                      sub edx, dword ptr [ebp+0Ch]
                                                                                                      mov ch, byte ptr [edx]
                                                                                                      xor edx, edx
                                                                                                      test cl, ch
                                                                                                      setne dh
                                                                                                      push edx
                                                                                                      inc dh
                                                                                                      mov dl, al
                                                                                                      lea edx, dword ptr [ebx+edx*4]
                                                                                                      call dword ptr [esi]
                                                                                                      pop edx
                                                                                                      lahf
                                                                                                      adc al, al
                                                                                                      shr cl, 1
                                                                                                      je 00007F9864C5EFE0h
                                                                                                      sahf
                                                                                                      sbb dh, dl
                                                                                                      je 00007F9864C5EFB6h
                                                                                                      mov ah, 00h
                                                                                                      xor ecx, ecx
                                                                                                      mov ch, 01h
                                                                                                      call dword ptr [esi+08h]
                                                                                                      xor ecx, ecx
                                                                                                      jmp dword ptr [esi+24h]
                                                                                                      mov cl, 30h
                                                                                                      mov ebx, dword ptr [ebp+0Ch]
                                                                                                      add edx, ecx
                                                                                                      call dword ptr [esi]
                                                                                                      jnc 00007F9864C5F01Dh
                                                                                                      add edx, ecx
                                                                                                      call dword ptr [esi]
                                                                                                      jc 00007F9864C5EFEBh
                                                                                                      add edx, ecx
                                                                                                      call dword ptr [esi]
                                                                                                      jc 00007F9864C5EFFBh
                                                                                                      cmp al, 07h
                                                                                                      mov al, 09h
                                                                                                      jc 00007F9864C5EFD4h
                                                                                                      mov al, 0Bh
                                                                                                      push eax
                                                                                                      mov eax, edi
                                                                                                      sub eax, dword ptr [ebp+0Ch]
                                                                                                      mov al, byte ptr [eax]
                                                                                                      jmp dword ptr [esi+20h]
                                                                                                      add edx, 60h
                                                                                                      call dword ptr [esi]
                                                                                                      xchg dword ptr [ebp+10h], ebx
                                                                                                      jnc 00007F9864C5EFDEh
                                                                                                      add edx, ecx
                                                                                                      call dword ptr [esi]
                                                                                                      xchg dword ptr [ebp+14h], ebx
                                                                                                      jnc 00007F9864C5EFD5h
                                                                                                      xchg dword ptr [ebp+18h], ebx
                                                                                                      cmp al, 07h
                                                                                                      mov al, 08h
                                                                                                      jc 00007F9864C5EFD4h
                                                                                                      mov al, 0Bh
                                                                                                      push eax
                                                                                                      push ebx
                                                                                                      mov edx, ebp
                                                                                                      add edx, dword ptr [esi+14h]
                                                                                                      call dword ptr [esi+0Ch]

                                                                                                      Data Directories

                                                                                                      NameVirtual AddressVirtual Size Is in Section
                                                                                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_IMPORT0x35c5a0x28.rsrc
                                                                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0x2c0000x1122.rsrc
                                                                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_TLS0x35c3a0x18.rsrc
                                                                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                      Sections

                                                                                                      NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                      .Upack0x10000x2b0000x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                      .rsrc0x2c0000x110000x9c826687abfa01fe21b275a16d7c8ca6eab5False0.948559876204263data7.883969322730811IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                                                                                                      Resources

                                                                                                      NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                      DLL0x261f80x3ac9empty0
                                                                                                      RT_ICON0x2c47a0xca8Device independent bitmap graphic, 48 x 96 x 4, image size 0ChineseChina0.4876543209876543
                                                                                                      RT_RCDATA0x2a96c0x10empty0
                                                                                                      RT_RCDATA0x2a97c0xe8empty0
                                                                                                      RT_GROUP_ICON0x2c4660x14dataChineseChina1.15
                                                                                                      RT_VERSION0x2c1f20x274dataChineseChina0.4554140127388535

                                                                                                      Imports

                                                                                                      DLLImport
                                                                                                      KERNEL32.DLLLoadLibraryA, GetProcAddress

                                                                                                      Possible Origin

                                                                                                      Language of compilation systemCountry where language is spokenMap
                                                                                                      ChineseChina

                                                                                                      Network Behavior

                                                                                                      ICMP Packets

                                                                                                      TimestampSource IPDest IPChecksumCodeType
                                                                                                      Apr 24, 2024 11:05:56.509366035 CEST192.168.2.5192.168.2.1a623Echo
                                                                                                      Apr 24, 2024 11:05:56.509419918 CEST192.168.2.1192.168.2.5ae23Echo Reply

                                                                                                      Statistics

                                                                                                      CPU Usage

                                                                                                      Click to jump to process

                                                                                                      Memory Usage

                                                                                                      Click to jump to process

                                                                                                      High Level Behavior Distribution

                                                                                                      Click to dive into process behavior distribution

                                                                                                      Behavior

                                                                                                      Click to jump to process

                                                                                                      System Behavior

                                                                                                      General

                                                                                                      Target ID:0
                                                                                                      Start time:11:05:52
                                                                                                      Start date:24/04/2024
                                                                                                      Path:C:\Users\user\Desktop\1.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:"C:\Users\user\Desktop\1.exe"
                                                                                                      Imagebase:0x400000
                                                                                                      File size:40'578 bytes
                                                                                                      MD5 hash:0EAC667CBCE1C13116B0A40908D8695F
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Yara matches:
                                                                                                      • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                      Reputation:low
                                                                                                      Has exited:false

                                                                                                      General

                                                                                                      Target ID:2
                                                                                                      Start time:11:05:52
                                                                                                      Start date:24/04/2024
                                                                                                      Path:C:\Windows\SysWOW64\net.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:net stop "Kingsoft AntiVirus Service"
                                                                                                      Imagebase:0xee0000
                                                                                                      File size:47'104 bytes
                                                                                                      MD5 hash:31890A7DE89936F922D44D677F681A7F
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:high
                                                                                                      Has exited:true

                                                                                                      General

                                                                                                      Target ID:3
                                                                                                      Start time:11:05:52
                                                                                                      Start date:24/04/2024
                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                      Imagebase:0x7ff6d64d0000
                                                                                                      File size:862'208 bytes
                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:high
                                                                                                      Has exited:true

                                                                                                      General

                                                                                                      Target ID:4
                                                                                                      Start time:11:05:52
                                                                                                      Start date:24/04/2024
                                                                                                      Path:C:\Windows\SysWOW64\net1.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
                                                                                                      Imagebase:0x6e0000
                                                                                                      File size:139'776 bytes
                                                                                                      MD5 hash:2EFE6ED4C294AB8A39EB59C80813FEC1
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:high
                                                                                                      Has exited:true

                                                                                                      General

                                                                                                      Target ID:5
                                                                                                      Start time:11:05:54
                                                                                                      Start date:24/04/2024
                                                                                                      Path:C:\Windows\SysWOW64\net.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:net stop "Kingsoft AntiVirus Service"
                                                                                                      Imagebase:0xee0000
                                                                                                      File size:47'104 bytes
                                                                                                      MD5 hash:31890A7DE89936F922D44D677F681A7F
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:high
                                                                                                      Has exited:true

                                                                                                      General

                                                                                                      Target ID:6
                                                                                                      Start time:11:05:54
                                                                                                      Start date:24/04/2024
                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                      Imagebase:0x7ff6d64d0000
                                                                                                      File size:862'208 bytes
                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:high
                                                                                                      Has exited:true

                                                                                                      General

                                                                                                      Target ID:7
                                                                                                      Start time:11:05:54
                                                                                                      Start date:24/04/2024
                                                                                                      Path:C:\Windows\SysWOW64\net1.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
                                                                                                      Imagebase:0x6e0000
                                                                                                      File size:139'776 bytes
                                                                                                      MD5 hash:2EFE6ED4C294AB8A39EB59C80813FEC1
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:high
                                                                                                      Has exited:true

                                                                                                      General

                                                                                                      Target ID:8
                                                                                                      Start time:11:05:55
                                                                                                      Start date:24/04/2024
                                                                                                      Path:C:\Windows\explorer.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:C:\Windows\Explorer.EXE
                                                                                                      Imagebase:0x7ff674740000
                                                                                                      File size:5'141'208 bytes
                                                                                                      MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                                                                                      Has elevated privileges:false
                                                                                                      Has administrator privileges:false
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:high
                                                                                                      Has exited:false

                                                                                                      General

                                                                                                      Target ID:13
                                                                                                      Start time:11:07:07
                                                                                                      Start date:24/04/2024
                                                                                                      Path:C:\Windows\System32\notepad.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:"C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_desktop.ini
                                                                                                      Imagebase:0x7ff7144b0000
                                                                                                      File size:201'216 bytes
                                                                                                      MD5 hash:27F71B12CB585541885A31BE22F61C83
                                                                                                      Has elevated privileges:false
                                                                                                      Has administrator privileges:false
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:moderate
                                                                                                      Has exited:false

                                                                                                      Disassembly

                                                                                                      Reset < >

                                                                                                        Execution Graph

                                                                                                        Execution Coverage:13.7%
                                                                                                        Dynamic/Decrypted Code Coverage:0.2%
                                                                                                        Signature Coverage:15.4%
                                                                                                        Total number of Nodes:1150
                                                                                                        Total number of Limit Nodes:18
                                                                                                        execution_graph 6237 404660 ReadFile 6238 40467d 6237->6238 6239 401ec0 6240 401ed4 6239->6240 6241 401edd 6239->6241 6257 4017d4 6240->6257 6244 401f06 RtlEnterCriticalSection 6241->6244 6245 401f10 6241->6245 6250 401ee5 6241->6250 6244->6245 6245->6250 6251 401dcc 6245->6251 6248 402031 RtlLeaveCriticalSection 6249 40203b 6248->6249 6254 401ddc 6251->6254 6252 401e08 6256 401e2c 6252->6256 6268 401be0 6252->6268 6254->6252 6254->6256 6263 401d40 6254->6263 6256->6248 6256->6249 6258 4017ef 6257->6258 6259 401820 LocalAlloc 6258->6259 6260 40183a 6259->6260 6261 401889 6260->6261 6262 40187f RtlLeaveCriticalSection 6260->6262 6261->6241 6261->6250 6262->6261 6272 401594 6263->6272 6265 401d50 6266 401d5d 6265->6266 6281 401cb4 6265->6281 6266->6254 6269 401c35 6268->6269 6270 401bfe 6268->6270 6269->6270 6340 401b30 6269->6340 6270->6256 6273 4015b0 6272->6273 6275 4015ba 6273->6275 6277 4015c6 6273->6277 6279 40160b 6273->6279 6292 4012ec 6273->6292 6300 4011e8 6273->6300 6288 401480 6275->6288 6277->6265 6304 4013c8 6279->6304 6314 401c68 6281->6314 6284 4011e8 LocalAlloc 6285 401cd8 6284->6285 6287 401ce0 6285->6287 6318 401a0c 6285->6318 6287->6266 6289 4014c6 6288->6289 6290 4014e2 VirtualAlloc 6289->6290 6291 4014f6 6289->6291 6290->6289 6290->6291 6291->6277 6293 4012fb VirtualAlloc 6292->6293 6295 401328 6293->6295 6296 40134b 6293->6296 6308 4011a0 6295->6308 6296->6273 6299 401338 VirtualFree 6299->6296 6301 401204 6300->6301 6302 4011a0 LocalAlloc 6301->6302 6303 40124a 6302->6303 6303->6273 6307 4013f7 6304->6307 6305 401450 6305->6277 6306 401424 VirtualFree 6306->6307 6307->6305 6307->6306 6311 401148 6308->6311 6312 401154 LocalAlloc 6311->6312 6313 401166 6311->6313 6312->6313 6313->6296 6313->6299 6315 401c71 6314->6315 6317 401c7a 6314->6317 6315->6317 6323 401a3c 6315->6323 6317->6284 6319 401a29 6318->6319 6320 401a1a 6318->6320 6319->6287 6321 401be0 7 API calls 6320->6321 6322 401a27 6321->6322 6322->6287 6326 402050 6323->6326 6325 401a5d 6325->6317 6327 40206e 6326->6327 6328 402069 6326->6328 6329 40209f RtlEnterCriticalSection 6327->6329 6332 4020a9 6327->6332 6337 402072 6327->6337 6330 4017d4 2 API calls 6328->6330 6329->6332 6330->6327 6331 4020b5 6335 4021e1 6331->6335 6336 4021d7 RtlLeaveCriticalSection 6331->6336 6332->6331 6333 402164 6332->6333 6334 402138 6332->6334 6333->6331 6339 401be0 5 API calls 6333->6339 6334->6337 6338 401c68 5 API calls 6334->6338 6335->6325 6336->6335 6337->6325 6338->6337 6339->6331 6341 401b46 6340->6341 6342 401b71 6341->6342 6343 401b85 6341->6343 6352 401bce 6341->6352 6353 401748 6342->6353 6345 401748 3 API calls 6343->6345 6346 401b83 6345->6346 6347 401a0c 7 API calls 6346->6347 6346->6352 6349 401ba9 6347->6349 6348 401bc3 6368 401258 6348->6368 6349->6348 6363 401a60 6349->6363 6352->6270 6354 40176e 6353->6354 6362 4017c7 6353->6362 6372 401514 6354->6372 6357 4011e8 LocalAlloc 6358 40178b 6357->6358 6359 4017a2 6358->6359 6360 4013c8 VirtualFree 6358->6360 6361 401258 LocalAlloc 6359->6361 6359->6362 6360->6359 6361->6362 6362->6346 6364 401a65 6363->6364 6366 401a73 6363->6366 6365 401a3c 7 API calls 6364->6365 6367 401a72 6365->6367 6366->6348 6367->6348 6369 401263 6368->6369 6370 40127e 6369->6370 6371 4011a0 LocalAlloc 6369->6371 6370->6352 6371->6370 6374 40154b 6372->6374 6373 40158b 6373->6357 6374->6373 6375 401565 VirtualFree 6374->6375 6375->6374 6376 4064e0 6377 4064fa 6376->6377 6378 406501 6377->6378 6381 406508 6377->6381 6382 40308c 6378->6382 6383 4030a5 6382->6383 6385 4030ce 6383->6385 6389 403000 6383->6389 6386 403110 FreeLibrary 6385->6386 6387 403134 ExitProcess 6385->6387 6386->6385 6390 403061 6389->6390 6391 40300a GetStdHandle WriteFile GetStdHandle WriteFile 6389->6391 6390->6385 6391->6385 6393 435b93 LoadLibraryA 6394 435ba3 6393->6394 6394->6393 6395 4129f0 6396 4129f8 ReadFile 6395->6396 6397 412a17 6395->6397 6396->6397 6398 412a3d SetFilePointer 6397->6398 6400 412b01 6397->6400 6399 412a56 SetFilePointer 6398->6399 6403 412a87 6399->6403 6402 412ae6 SetFileTime 6402->6400 6403->6402 6404 412ab2 SetFilePointer 6403->6404 6404->6402 6405 412acd 6404->6405 6405->6402 6406 408604 6407 408611 WSAStartup 6406->6407 6415 40317c 6407->6415 6410 40869e 6411 408699 WSACleanup 6411->6410 6412 408652 inet_ntoa 6413 408647 6412->6413 6413->6411 6413->6412 6419 403e38 6413->6419 6416 403182 6415->6416 6417 40319d gethostname gethostbyname 6415->6417 6416->6417 6422 4024b4 6416->6422 6417->6410 6417->6413 6444 403cac 6419->6444 6423 4024b9 6422->6423 6424 4024cc 6422->6424 6423->6424 6426 40257c 6423->6426 6424->6417 6427 402530 6426->6427 6430 402555 6427->6430 6432 4041dc 6427->6432 6438 402524 6430->6438 6433 4041eb 6432->6433 6435 4041f6 6432->6435 6433->6430 6434 40421b 6434->6430 6435->6434 6436 4041fb TlsGetValue 6435->6436 6437 40420a 6436->6437 6437->6430 6441 403164 6438->6441 6442 40308c 6 API calls 6441->6442 6443 40252f 6442->6443 6443->6424 6445 403ccb 6444->6445 6449 403ce5 6444->6449 6446 403cd6 6445->6446 6447 40257c 7 API calls 6445->6447 6456 403ca4 6446->6456 6447->6446 6450 40257c 7 API calls 6449->6450 6451 403d2f 6449->6451 6450->6451 6453 403d3c 6451->6453 6459 402494 6451->6459 6454 403ce0 6453->6454 6455 403cac 7 API calls 6453->6455 6454->6413 6455->6453 6463 403e44 6456->6463 6460 402499 6459->6460 6461 4024ac 6459->6461 6460->6461 6462 40257c 7 API calls 6460->6462 6461->6453 6462->6461 6464 403e4a 6463->6464 6466 403ca9 6463->6466 6465 4024b4 7 API calls 6464->6465 6464->6466 6465->6466 6466->6454 6467 402f35 6468 402f67 6467->6468 6471 402ed4 6468->6471 6472 402ee3 6471->6472 6473 402f10 6471->6473 6472->6473 6476 412ce0 6472->6476 6480 412cde 6472->6480 6477 412d10 6476->6477 6478 412cfd 6476->6478 6477->6472 6484 41189c 6478->6484 6481 412ce0 6480->6481 6482 412d10 6481->6482 6483 41189c 3 API calls 6481->6483 6482->6472 6483->6482 6487 4118a4 6484->6487 6485 411a11 LoadLibraryA 6486 411a25 GetProcAddress 6485->6486 6491 411a71 6485->6491 6489 411a58 GetProcAddress 6486->6489 6487->6485 6487->6491 6489->6491 6491->6477 6492 412e46 6493 412e2d 6492->6493 6493->6492 6497 408e0d 6493->6497 6571 4117d8 OpenFileMappingA 6493->6571 6576 408e18 6493->6576 6498 408df9 6497->6498 6498->6497 6499 408e73 GetACP 6498->6499 6500 408e85 6498->6500 6499->6500 6565 4092e7 6499->6565 6743 402724 6500->6743 6504 402724 16 API calls 6506 408ea0 6504->6506 6509 408ebb ReadFile 6506->6509 6510 408f8e 6506->6510 6507 40317c 7 API calls 6508 409315 6507->6508 6508->6493 6511 408f88 CloseHandle 6509->6511 6514 408edb 6509->6514 6649 404be8 6510->6649 6511->6510 6514->6511 6517 402724 16 API calls 6514->6517 6525 408f0d 6514->6525 6515 404be8 12 API calls 6516 408faa 6515->6516 6663 405424 6516->6663 6517->6525 6518 408f2c GlobalAlloc 6518->6511 6520 408f49 6518->6520 6522 402494 7 API calls 6520->6522 6524 408f53 6522->6524 6523 404be8 12 API calls 6526 408fd6 6523->6526 6527 408f63 ReadFile 6524->6527 6525->6518 6529 408fe1 6526->6529 6530 409045 6526->6530 6527->6511 6528 408f86 6527->6528 6528->6511 6752 4026c4 GetCommandLineA 6529->6752 6668 408cec 6530->6668 6535 409043 6712 408060 6535->6712 6538 402724 16 API calls 6540 408ff9 6538->6540 6539 40905d GetLocalTime 6541 40907b 6539->6541 6539->6565 6540->6535 6542 40900e 6540->6542 6541->6565 6759 403214 6541->6759 6544 409028 Sleep 6542->6544 6545 409019 Sleep 6542->6545 6548 409037 6544->6548 6545->6542 6549 408cec 79 API calls 6548->6549 6550 40903e 6549->6550 6551 4086ac 15 API calls 6550->6551 6551->6535 6552 4090e1 6552->6565 6769 407a14 6552->6769 6554 40910f 6780 407964 6554->6780 6556 40914e 6557 408cec 79 API calls 6556->6557 6558 409176 CreateThread 6557->6558 6559 4091d3 6558->6559 6560 4091ac Sleep CreateThread 6558->6560 7472 4114d8 Sleep 6558->7472 6561 4091e9 CreateThread 6559->6561 6564 40920b 6559->6564 6560->6559 7485 4116a4 6560->7485 6561->6564 7482 411644 6561->7482 6562 409213 Sleep 6563 40922a 6562->6563 6567 409246 6562->6567 6791 406644 6563->6791 6564->6562 6566 409288 Sleep 6564->6566 6564->6567 6569 409270 TranslateMessage DispatchMessageA 6564->6569 6817 4031a0 6565->6817 6566->6564 6567->6565 6570 406644 68 API calls 6567->6570 6569->6566 6570->6565 6572 4117f7 6571->6572 6573 4117fb CreateFileMappingA 6571->6573 6574 411817 MapViewOfFile 6572->6574 6573->6574 6575 411831 6574->6575 6575->6493 6577 408e73 GetACP 6576->6577 6578 408e85 6576->6578 6577->6578 6642 4092e7 6577->6642 6579 402724 16 API calls 6578->6579 6580 408e91 6579->6580 6582 402724 16 API calls 6580->6582 6581 4031a0 7 API calls 6583 40930d 6581->6583 6584 408ea0 6582->6584 6585 40317c 7 API calls 6583->6585 6587 408ebb ReadFile 6584->6587 6588 408f8e 6584->6588 6586 409315 6585->6586 6586->6493 6589 408f88 CloseHandle 6587->6589 6590 408edb 6587->6590 6591 404be8 12 API calls 6588->6591 6589->6588 6590->6589 6595 402724 16 API calls 6590->6595 6599 408f0d 6590->6599 6592 408f98 6591->6592 6593 404be8 12 API calls 6592->6593 6592->6642 6594 408faa 6593->6594 6597 405424 9 API calls 6594->6597 6595->6599 6596 408f2c GlobalAlloc 6596->6589 6598 408f49 6596->6598 6600 408fc4 6597->6600 6601 402494 7 API calls 6598->6601 6599->6596 6602 404be8 12 API calls 6600->6602 6600->6642 6603 408f53 6601->6603 6604 408fd6 6602->6604 6605 408f63 ReadFile 6603->6605 6607 408fe1 6604->6607 6608 409045 6604->6608 6605->6589 6606 408f86 6605->6606 6606->6589 6609 4026c4 16 API calls 6607->6609 6610 408cec 79 API calls 6608->6610 6611 408fe6 6609->6611 6612 409053 6610->6612 6613 409043 6611->6613 6616 402724 16 API calls 6611->6616 6612->6613 6614 4086ac 15 API calls 6612->6614 6615 408060 28 API calls 6613->6615 6614->6613 6617 40905d GetLocalTime 6615->6617 6619 408ff9 6616->6619 6618 40907b 6617->6618 6617->6642 6620 403214 7 API calls 6618->6620 6618->6642 6619->6613 6621 409028 Sleep 6619->6621 6622 409019 Sleep 6619->6622 6623 4090d9 6620->6623 6625 409037 6621->6625 6622->6619 6624 408c70 7 API calls 6623->6624 6629 4090e1 6624->6629 6626 408cec 79 API calls 6625->6626 6627 40903e 6626->6627 6628 4086ac 15 API calls 6627->6628 6628->6613 6630 407a14 7 API calls 6629->6630 6629->6642 6631 40910f 6630->6631 6632 407964 7 API calls 6631->6632 6633 40914e 6632->6633 6634 408cec 79 API calls 6633->6634 6635 409176 CreateThread 6634->6635 6636 4091d3 6635->6636 6637 4091ac Sleep CreateThread 6635->6637 7578 4114d8 77 API calls 6635->7578 6638 4091e9 CreateThread 6636->6638 6641 40920b 6636->6641 6637->6636 7577 4116a4 9 API calls 6637->7577 6638->6641 7576 411644 10 API calls 6638->7576 6639 409213 Sleep 6640 40922a 6639->6640 6644 4092c2 6639->6644 6645 406644 68 API calls 6640->6645 6641->6639 6643 409288 Sleep 6641->6643 6641->6644 6646 409270 TranslateMessage DispatchMessageA 6641->6646 6642->6581 6643->6641 6644->6642 6647 406644 68 API calls 6644->6647 6648 409246 6645->6648 6646->6643 6647->6642 6648->6644 6650 404bfa 6649->6650 6821 404ae8 6650->6821 6652 40317c 7 API calls 6653 404cc3 6652->6653 6653->6515 6653->6565 6654 404c20 6655 404c45 6654->6655 6656 404c5e 6654->6656 6655->6652 6824 40347c 6656->6824 6858 40507c 6663->6858 6665 405454 6666 405462 6665->6666 6862 405304 6665->6862 6666->6523 6666->6565 6926 40732c 6668->6926 6675 404cec 7 API calls 6676 408d2b 6675->6676 6677 407654 56 API calls 6676->6677 6678 408d33 6677->6678 6679 404cec 7 API calls 6678->6679 6680 408d40 6679->6680 6681 407654 56 API calls 6680->6681 6682 408d48 6681->6682 6683 404cec 7 API calls 6682->6683 6684 408d57 6683->6684 6685 408d5f WinExec CreateThread Sleep 6684->6685 6686 4031a0 7 API calls 6685->6686 7238 408c5c 6685->7238 6687 408d9f 6686->6687 6687->6535 6688 4086ac 6687->6688 6689 404cec 7 API calls 6688->6689 6690 4086fd 6689->6690 7279 408010 6690->7279 6692 40870f 7288 404948 6692->7288 6694 408726 6695 40874b 6694->6695 6696 40872d WriteFile CloseHandle 6694->6696 6697 404ae8 4 API calls 6695->6697 6696->6695 6698 408753 6697->6698 6699 408764 6698->6699 6704 4087b3 6698->6704 6711 408799 6698->6711 6705 404cec 7 API calls 6699->6705 6700 4031a0 7 API calls 6701 408835 6700->6701 6702 40317c 7 API calls 6701->6702 6703 40883d 6702->6703 6703->6535 6707 404cec 7 API calls 6704->6707 6706 40877d 6705->6706 6709 404cec 7 API calls 6706->6709 6708 4087e4 6707->6708 6710 404cec 7 API calls 6708->6710 6709->6711 6710->6711 6711->6700 6713 408068 6712->6713 6713->6713 6714 402724 16 API calls 6713->6714 6715 40808f 6714->6715 6716 408482 6715->6716 6717 4080aa GetFileSize 6715->6717 6718 4031a0 7 API calls 6716->6718 6719 4080c3 6717->6719 6720 40847c CloseHandle 6717->6720 6722 40849f 6718->6722 6721 404cec 7 API calls 6719->6721 6720->6716 6723 4080d3 6721->6723 6724 4031a0 7 API calls 6722->6724 6725 402724 16 API calls 6723->6725 6726 4084ac 6724->6726 6727 4080e7 6725->6727 6726->6539 6728 4080fe DeleteFileA 6727->6728 6729 404ae8 4 API calls 6728->6729 6730 40810c 6729->6730 6730->6720 6731 404948 CreateFileA 6730->6731 6732 40811c 6731->6732 6732->6720 6733 408127 GetFileTime 6732->6733 6734 404cec 7 API calls 6733->6734 6735 408149 6734->6735 6736 408010 8 API calls 6735->6736 6737 40815b 6736->6737 6738 404948 CreateFileA 6737->6738 6742 408172 6738->6742 6739 4081db 6740 4081cc CloseHandle 6740->6739 6741 40819c ReadFile 6741->6740 6741->6742 6742->6739 6742->6740 6742->6741 6744 40317c 7 API calls 6743->6744 6745 402738 6744->6745 6746 40275a GetCommandLineA 6745->6746 6747 40273c 6745->6747 6748 402761 6746->6748 6750 40326c 7 API calls 6747->6750 6751 402758 6748->6751 7291 4025d8 6748->7291 6750->6751 6751->6504 6753 4025d8 15 API calls 6752->6753 6755 4026e8 6753->6755 6754 4025d8 15 API calls 6754->6755 6755->6754 6756 4026ff 6755->6756 6757 40317c 7 API calls 6756->6757 6758 402714 6757->6758 6758->6535 6758->6538 6760 403218 6759->6760 6761 40323c 6760->6761 6762 4024b4 7 API calls 6760->6762 6763 408c70 6761->6763 6762->6761 6764 408c82 6763->6764 6765 408cc6 6764->6765 6767 403614 7 API calls 6764->6767 6766 40317c 7 API calls 6765->6766 6768 408cdb 6766->6768 6767->6764 6768->6552 6770 407a30 6769->6770 6771 40317c 7 API calls 6770->6771 6772 407a46 6771->6772 6773 407aa8 6772->6773 6778 403364 7 API calls 6772->6778 6779 4033c4 7 API calls 6772->6779 6774 40317c 7 API calls 6773->6774 6775 407abd 6774->6775 6776 40317c 7 API calls 6775->6776 6777 407ac5 6776->6777 6777->6554 6778->6772 6779->6772 6781 407980 6780->6781 6782 40317c 7 API calls 6781->6782 6789 407996 6782->6789 6783 4079e6 6784 40317c 7 API calls 6783->6784 6785 4079fb 6784->6785 6786 40317c 7 API calls 6785->6786 6787 407a03 6786->6787 6787->6556 6788 403364 7 API calls 6788->6789 6789->6783 6789->6788 6790 4033c4 7 API calls 6789->6790 6790->6789 6792 406663 6791->6792 6793 406679 6791->6793 6794 405ad0 17 API calls 6792->6794 7306 405ad0 6793->7306 6795 40666d 6794->6795 6796 406734 6795->6796 7321 40655c 6795->7321 6796->6567 6801 40668f 6801->6795 6801->6796 6805 405ad0 17 API calls 6801->6805 6803 4066d1 7331 406080 6803->7331 6804 4066c8 7367 405cfc 6804->7367 6805->6795 6807 4066cf 6808 4066e4 6807->6808 7404 405be0 6807->7404 6808->6796 6808->6807 6812 40672b 7421 406488 6812->7421 6815 406714 GetMessageA 6815->6812 6816 4066fc 6815->6816 6816->6812 6816->6815 6819 4031a6 6817->6819 6818 4031cc 6818->6507 6819->6818 6820 4024b4 7 API calls 6819->6820 6820->6819 6833 404a80 6821->6833 6825 40348d 6824->6825 6826 4034b3 6825->6826 6827 4034ca 6825->6827 6841 4036ec 6826->6841 6847 403240 6827->6847 6830 4034fb 6831 4034c0 6831->6830 6852 4031d0 6831->6852 6839 4035bc 6833->6839 6836 404aa5 FindClose 6837 404ad9 6836->6837 6838 404ab4 FileTimeToLocalFileTime FileTimeToDosDateTime 6836->6838 6837->6654 6838->6837 6840 4035c0 FindFirstFileA 6839->6840 6840->6836 6840->6837 6842 4036f9 6841->6842 6846 403729 6841->6846 6844 403240 7 API calls 6842->6844 6845 403705 6842->6845 6843 40317c 7 API calls 6843->6845 6844->6846 6845->6831 6846->6843 6848 403244 6847->6848 6849 403268 6847->6849 6850 402494 7 API calls 6848->6850 6849->6831 6851 403251 6850->6851 6851->6831 6853 4031d4 6852->6853 6856 4031e4 6852->6856 6855 403240 7 API calls 6853->6855 6853->6856 6854 403212 6854->6830 6855->6856 6856->6854 6857 4024b4 7 API calls 6856->6857 6857->6854 6859 4050be 6858->6859 6861 405138 6858->6861 6859->6861 6869 404640 CompareStringA 6859->6869 6861->6665 6863 40532b 6862->6863 6867 405386 6863->6867 6868 405304 8 API calls 6863->6868 6870 405238 6863->6870 6864 40317c 7 API calls 6865 405414 6864->6865 6865->6666 6867->6864 6868->6863 6869->6859 6871 405249 6870->6871 6872 405256 6871->6872 6873 40524d 6871->6873 6876 405261 6872->6876 6877 40527f 6872->6877 6874 40317c 7 API calls 6873->6874 6875 405254 6874->6875 6875->6863 6883 403c60 6876->6883 6878 405298 6877->6878 6879 40528c 6877->6879 6886 404814 6878->6886 6881 40317c 7 API calls 6879->6881 6881->6875 6898 403c68 6883->6898 6887 404846 6886->6887 6888 404838 6886->6888 6890 40317c 7 API calls 6887->6890 6889 4031d0 7 API calls 6888->6889 6891 404844 6889->6891 6892 40484d 6890->6892 6893 40317c 7 API calls 6891->6893 6894 40317c 7 API calls 6892->6894 6895 4048c2 6893->6895 6897 404862 6894->6897 6895->6875 6897->6891 6923 403364 6897->6923 6901 4032d8 6898->6901 6902 4032f1 6901->6902 6903 4032fa 6901->6903 6904 40317c 7 API calls 6902->6904 6905 40332d 6903->6905 6916 40329c WideCharToMultiByte 6903->6916 6907 4032f8 6904->6907 6906 4036ec 7 API calls 6905->6906 6909 40333a 6906->6909 6907->6875 6922 40329c WideCharToMultiByte 6909->6922 6910 403318 6910->6905 6912 40331e 6910->6912 6917 40326c 6912->6917 6913 403348 6915 4036ec 7 API calls 6913->6915 6915->6907 6916->6910 6918 403240 7 API calls 6917->6918 6919 40327c 6918->6919 6920 40317c 7 API calls 6919->6920 6921 403294 6920->6921 6921->6907 6922->6913 6924 40326c 7 API calls 6923->6924 6925 403371 6924->6925 6925->6897 6927 407334 6926->6927 6927->6927 6928 404cec 7 API calls 6927->6928 6929 407356 6928->6929 6930 404cec 7 API calls 6929->6930 6931 40736c 6930->6931 6932 407374 FindWindowA SendMessageA 6931->6932 6933 404cec 7 API calls 6932->6933 6934 407393 6933->6934 6935 407654 56 API calls 6934->6935 6936 40739b 6935->6936 6937 404cec 7 API calls 6936->6937 6938 4073a8 6937->6938 6939 407654 56 API calls 6938->6939 6940 4073b0 6939->6940 6941 404cec 7 API calls 6940->6941 6942 4073bd 6941->6942 6943 407654 56 API calls 6942->6943 6944 4073c5 6943->6944 6945 404cec 7 API calls 6944->6945 6946 4073d2 6945->6946 6947 407654 56 API calls 6946->6947 6948 4073da 6947->6948 6949 404cec 7 API calls 6948->6949 6950 4073e7 6949->6950 6951 407654 56 API calls 6950->6951 6952 4073ef 6951->6952 6953 404cec 7 API calls 6952->6953 6954 4073fc 6953->6954 6955 407654 56 API calls 6954->6955 6956 407404 6955->6956 6957 404cec 7 API calls 6956->6957 6958 407411 6957->6958 6959 407654 56 API calls 6958->6959 6960 407419 6959->6960 6961 404cec 7 API calls 6960->6961 6962 407426 6961->6962 6963 407654 56 API calls 6962->6963 6964 40742e 6963->6964 7000 40726c 6964->7000 6967 4031a0 7 API calls 6968 40744d 6967->6968 6969 404cec 6968->6969 6970 404d07 6969->6970 6971 40317c 7 API calls 6970->6971 6977 404d1c 6971->6977 6972 404d58 6973 40317c 7 API calls 6972->6973 6974 404d6d 6973->6974 6976 40317c 7 API calls 6974->6976 6975 403364 7 API calls 6975->6977 6978 404d75 6976->6978 6977->6972 6977->6975 6979 4033c4 7 API calls 6977->6979 6980 407654 6978->6980 6979->6977 6981 40767f 6980->6981 6982 4056c4 7 API calls 6981->6982 6983 40769f 6982->6983 6984 4056e4 7 API calls 6983->6984 6991 4076b0 6984->6991 6985 4077a4 CloseHandle 6986 4031a0 7 API calls 6985->6986 6987 4077c7 6986->6987 6988 40317c 7 API calls 6987->6988 6990 4077cf 6988->6990 6990->6675 6991->6985 6992 407716 OpenProcess 6991->6992 6995 405704 7 API calls 6991->6995 6998 40774c 6991->6998 7125 404768 6991->7125 6992->6991 6993 407729 TerminateProcess CloseHandle 6992->6993 6993->6991 6995->6991 6997 407768 TerminateProcess CloseHandle 6997->6991 6997->6998 6998->6991 6998->6997 7132 40762c GetVersionExA 6998->7132 7134 407514 6998->7134 7145 406e5c 6998->7145 7015 406fc8 7000->7015 7004 4072a4 7029 4056e4 7004->7029 7006 407301 CloseHandle 7007 40317c 7 API calls 7006->7007 7009 40731c 7007->7009 7009->6967 7010 4072b5 7010->7006 7011 4072cb OpenProcess 7010->7011 7034 407018 7010->7034 7058 405704 7010->7058 7011->7006 7013 4072de 7011->7013 7014 4072e6 CloseHandle 7013->7014 7014->7006 7016 4036ec 7 API calls 7015->7016 7017 406fda 7016->7017 7063 403614 7017->7063 7019 406fe2 7020 4036ec 7 API calls 7019->7020 7021 406ff3 7020->7021 7022 407008 7021->7022 7069 4033c4 7021->7069 7024 4056c4 7022->7024 7083 405564 7024->7083 7026 4056cf 7027 4056d3 CreateToolhelp32Snapshot 7026->7027 7028 4056de 7026->7028 7027->7004 7028->7004 7030 405564 6 API calls 7029->7030 7031 4056ef 7030->7031 7032 4056f3 Process32First 7031->7032 7033 4056fe 7031->7033 7032->7010 7033->7010 7035 407020 7034->7035 7035->7035 7036 4056c4 7 API calls 7035->7036 7037 407045 7036->7037 7088 405724 7037->7088 7039 4071e6 CloseHandle 7040 4031a0 7 API calls 7039->7040 7041 407209 7040->7041 7042 40317c 7 API calls 7041->7042 7043 407211 7042->7043 7043->7010 7044 40705e 7044->7039 7045 407121 7044->7045 7046 404cec 7 API calls 7044->7046 7049 404a40 7 API calls 7044->7049 7120 405744 7044->7120 7093 4046b4 7045->7093 7046->7044 7048 407148 7048->7039 7099 406ed0 7048->7099 7049->7044 7054 404cec 7 API calls 7055 4071b9 7054->7055 7055->7039 7057 4071c7 7055->7057 7057->7039 7059 405564 6 API calls 7058->7059 7060 40570f 7059->7060 7061 405713 Process32Next 7060->7061 7062 40571e 7060->7062 7061->7010 7062->7010 7064 4035c8 7063->7064 7065 403240 7 API calls 7064->7065 7066 403603 7064->7066 7067 4035df 7065->7067 7066->7019 7067->7066 7068 4024b4 7 API calls 7067->7068 7068->7066 7070 403407 7069->7070 7071 4033c8 7069->7071 7070->7022 7072 4031d0 7071->7072 7073 4033d2 7071->7073 7079 403240 7 API calls 7072->7079 7080 4031e4 7072->7080 7074 4033e5 7073->7074 7075 4033fc 7073->7075 7078 4036ec 7 API calls 7074->7078 7076 4036ec 7 API calls 7075->7076 7082 4033ea 7076->7082 7077 403212 7077->7022 7078->7082 7079->7080 7080->7077 7081 4024b4 7 API calls 7080->7081 7081->7077 7082->7022 7084 405620 7083->7084 7085 405571 7083->7085 7084->7026 7085->7084 7086 40558d 7085->7086 7087 40559d 6 API calls 7086->7087 7087->7084 7089 405564 6 API calls 7088->7089 7090 40572f 7089->7090 7091 405733 Module32First 7090->7091 7092 40573e 7090->7092 7091->7044 7092->7044 7094 4046c7 7093->7094 7095 40361c 7 API calls 7094->7095 7096 40470d 7095->7096 7097 40317c 7 API calls 7096->7097 7098 404722 7097->7098 7098->7048 7100 406eeb 7099->7100 7101 40317c 7 API calls 7100->7101 7102 406f00 7101->7102 7103 406f6e 7102->7103 7104 402494 7 API calls 7102->7104 7105 40317c 7 API calls 7103->7105 7109 406f1f 7104->7109 7106 406f83 7105->7106 7107 40317c 7 API calls 7106->7107 7108 406f8b 7107->7108 7113 40361c 7108->7113 7110 404cec 7 API calls 7109->7110 7111 406f48 7110->7111 7112 4024b4 7 API calls 7111->7112 7112->7103 7114 403621 7113->7114 7115 40364e 7113->7115 7114->7115 7117 403635 7114->7117 7116 40317c 7 API calls 7115->7116 7119 403644 7116->7119 7118 40326c 7 API calls 7117->7118 7118->7119 7119->7054 7121 405564 6 API calls 7120->7121 7122 40574f 7121->7122 7123 405753 Module32Next 7122->7123 7124 40575e 7122->7124 7123->7044 7124->7044 7127 404776 7125->7127 7126 4047a5 7129 4031d0 7 API calls 7126->7129 7127->7126 7128 40478d 7127->7128 7130 40361c 7 API calls 7128->7130 7131 40479d 7129->7131 7130->7131 7131->6991 7133 407646 7132->7133 7133->6998 7135 40754b 7134->7135 7136 404cec 7 API calls 7134->7136 7137 407553 LoadLibraryA 7135->7137 7136->7135 7138 40755f 7137->7138 7144 40757f 7137->7144 7139 404cec 7 API calls 7138->7139 7142 40756c 7139->7142 7140 4031a0 7 API calls 7141 4075eb 7140->7141 7141->6998 7143 407574 GetProcAddress 7142->7143 7143->7144 7144->7140 7146 406e68 7145->7146 7152 406e87 7145->7152 7153 406c48 OpenProcess 7146->7153 7152->6991 7154 406d5f 7153->7154 7155 406c95 VirtualAllocEx 7153->7155 7156 4031a0 7 API calls 7154->7156 7155->7154 7157 406cbc 7155->7157 7158 406d7b 7156->7158 7159 404cec 7 API calls 7157->7159 7158->7152 7169 406b40 7158->7169 7160 406cc9 7159->7160 7161 406cd1 GetModuleHandleA 7160->7161 7162 404cec 7 API calls 7161->7162 7163 406ce6 7162->7163 7164 406cee GetProcAddress 7163->7164 7186 406bf0 7164->7186 7167 406d42 WriteProcessMemory GlobalFree 7167->7154 7168 406d0b 7168->7167 7170 406b58 7169->7170 7171 4056c4 7 API calls 7170->7171 7172 406b64 7171->7172 7173 406b9a 7172->7173 7188 405764 7172->7188 7173->7152 7179 406db8 7173->7179 7175 406b79 7176 406b94 CloseHandle 7175->7176 7177 406b83 7175->7177 7193 405788 7175->7193 7176->7173 7177->7176 7180 406dcd 7179->7180 7198 40690c GetVersionExA SetLastError 7179->7198 7182 406e50 7180->7182 7183 406de4 SuspendThread GetThreadContext 7180->7183 7182->7152 7184 406e06 SetThreadContext 7183->7184 7185 406e37 ResumeThread PostThreadMessageA 7183->7185 7184->7185 7185->7182 7187 406bfc GlobalAlloc 7186->7187 7187->7154 7187->7168 7189 405564 6 API calls 7188->7189 7190 40576c 7189->7190 7191 405770 Thread32First 7190->7191 7192 405780 7190->7192 7191->7192 7192->7175 7194 405564 6 API calls 7193->7194 7195 405790 7194->7195 7196 4057a4 7195->7196 7197 405794 Thread32Next 7195->7197 7196->7175 7197->7196 7199 406950 GetCurrentProcessId 7198->7199 7200 406944 7198->7200 7225 406854 7199->7225 7214 406a18 7200->7214 7204 406854 9 API calls 7205 406964 IsBadHugeReadPtr 7204->7205 7206 406979 7205->7206 7212 40694b 7205->7212 7207 406854 9 API calls 7206->7207 7206->7212 7208 40698e GetCurrentProcessId 7207->7208 7209 4069a2 OpenProcess 7208->7209 7210 406999 GetCurrentProcess 7208->7210 7211 4069b9 GetCurrentProcess DuplicateHandle GetCurrentProcess 7209->7211 7209->7212 7210->7211 7211->7212 7213 4069de CloseHandle 7211->7213 7212->7180 7213->7212 7215 404cec 7 API calls 7214->7215 7216 406a3b 7215->7216 7217 406a43 LoadLibraryA 7216->7217 7218 404cec 7 API calls 7217->7218 7219 406a5b 7218->7219 7220 406a63 GetProcAddress 7219->7220 7221 406a9e FreeLibrary 7220->7221 7222 406abc 7221->7222 7223 4031a0 7 API calls 7222->7223 7224 406ac9 7223->7224 7224->7212 7226 406859 7225->7226 7227 404cec 7 API calls 7226->7227 7228 406877 7227->7228 7229 404cec 7 API calls 7228->7229 7230 40688d 7229->7230 7235 406b08 GetModuleHandleA 7230->7235 7233 4031a0 7 API calls 7234 4068c5 7233->7234 7234->7204 7236 40689b 7235->7236 7237 406b1f GetProcAddress 7235->7237 7236->7233 7237->7236 7241 4088ec 7238->7241 7242 4088f4 7241->7242 7242->7242 7243 404cec 7 API calls 7242->7243 7244 40891e 7243->7244 7265 4077e0 7244->7265 7246 408b8f 7247 4031a0 7 API calls 7246->7247 7249 408bac 7247->7249 7248 408929 7248->7246 7250 408940 waveOutSetVolume 7248->7250 7251 40894f 7248->7251 7250->7251 7252 408b78 7251->7252 7264 40895e 7251->7264 7252->7246 7253 408b84 waveOutSetVolume 7252->7253 7253->7246 7254 404cec 7 API calls 7254->7264 7255 40897f FindWindowA 7255->7264 7256 408b50 FindWindowA 7257 408b68 Sleep 7256->7257 7258 408b5c SendMessageA 7256->7258 7257->7252 7257->7264 7258->7257 7259 4089b3 FindWindowExA 7260 4089c5 GetWindowTextA 7259->7260 7259->7264 7260->7264 7261 408ada SendMessageA 7261->7264 7262 408b0f FindWindowExA 7262->7264 7263 408b24 SendMessageA 7263->7264 7264->7254 7264->7255 7264->7256 7264->7259 7264->7261 7264->7262 7264->7263 7266 40780b 7265->7266 7267 4056c4 7 API calls 7266->7267 7268 40782d 7267->7268 7269 4056e4 7 API calls 7268->7269 7271 40783e 7269->7271 7270 4078b8 CloseHandle 7272 4031a0 7 API calls 7270->7272 7271->7270 7274 404768 7 API calls 7271->7274 7277 4078a1 7271->7277 7278 405704 7 API calls 7271->7278 7273 4078db 7272->7273 7275 40317c 7 API calls 7273->7275 7274->7271 7276 4078e3 7275->7276 7276->7248 7277->7270 7278->7271 7280 4036ec 7 API calls 7279->7280 7281 408022 7280->7281 7282 403614 7 API calls 7281->7282 7283 40802a GetWindowsDirectoryA 7282->7283 7284 4036ec 7 API calls 7283->7284 7285 40803b 7284->7285 7286 408050 7285->7286 7287 4033c4 7 API calls 7285->7287 7286->6692 7287->7286 7289 4035bc 7288->7289 7290 404964 CreateFileA 7289->7290 7290->6694 7292 4025ea 7291->7292 7293 4025e2 CharNextA 7292->7293 7296 402604 7292->7296 7293->7292 7294 402653 7297 4036ec 7 API calls 7294->7297 7295 40260e CharNextA 7295->7296 7296->7294 7296->7295 7298 402618 CharNextA 7296->7298 7299 402635 CharNextA 7296->7299 7303 40265c 7297->7303 7298->7296 7299->7296 7300 4026bb 7300->6748 7301 4026a0 CharNextA 7301->7303 7302 402668 CharNextA 7302->7303 7303->7300 7303->7301 7303->7302 7303->7303 7304 402672 CharNextA 7303->7304 7305 402696 CharNextA 7303->7305 7304->7303 7305->7303 7307 405af4 7306->7307 7308 4056c4 7 API calls 7307->7308 7310 405b10 7308->7310 7309 405ba8 7311 4031a0 7 API calls 7309->7311 7310->7309 7313 4056e4 7 API calls 7310->7313 7312 405bc7 7311->7312 7314 40317c 7 API calls 7312->7314 7318 405b44 7313->7318 7315 405bcf 7314->7315 7315->6801 7316 405ba2 CloseHandle 7316->7309 7317 404768 7 API calls 7317->7318 7318->7316 7318->7317 7319 405b7f 7318->7319 7320 405704 7 API calls 7318->7320 7319->7316 7320->7318 7322 406599 7321->7322 7323 404cec 7 API calls 7322->7323 7324 4065dd 7323->7324 7428 4045b0 7324->7428 7326 4065fd 7327 40317c 7 API calls 7326->7327 7328 406622 7327->7328 7329 405c7c GetVersionExA 7328->7329 7330 405c96 7329->7330 7330->6803 7330->6804 7332 4060bd 7331->7332 7333 405ad0 17 API calls 7332->7333 7334 4060e7 OpenProcess 7333->7334 7335 406108 VirtualAllocEx 7334->7335 7341 40631c 7334->7341 7433 4047b4 7335->7433 7337 4031a0 7 API calls 7339 40633a 7337->7339 7338 406133 VirtualAllocEx 7340 406154 7338->7340 7338->7341 7339->6808 7340->7341 7342 404cec 7 API calls 7340->7342 7341->7337 7343 40616e 7342->7343 7344 406176 GetModuleHandleA 7343->7344 7345 404cec 7 API calls 7344->7345 7346 40618b 7345->7346 7347 406193 GetModuleHandleA 7346->7347 7348 404cec 7 API calls 7347->7348 7349 4061a8 7348->7349 7350 4061b0 GetProcAddress 7349->7350 7351 4061bc 7350->7351 7352 404cec 7 API calls 7351->7352 7353 4061cc 7352->7353 7354 4061d4 GetProcAddress 7353->7354 7355 4061e0 7354->7355 7356 404cec 7 API calls 7355->7356 7357 4061f0 7356->7357 7358 4061f8 GetProcAddress 7357->7358 7359 406204 7358->7359 7360 404cec 7 API calls 7359->7360 7361 406214 7360->7361 7362 40621c GetProcAddress 7361->7362 7363 406228 7362->7363 7364 406241 WriteProcessMemory GlobalAlloc 7363->7364 7364->7341 7366 40626c 7364->7366 7365 4062ff WriteProcessMemory GlobalFree 7365->7341 7366->7365 7368 405d04 7367->7368 7369 404cec 7 API calls 7368->7369 7370 405d4c 7369->7370 7371 405d54 CreateFileMappingA 7370->7371 7372 405d69 MapViewOfFile 7371->7372 7373 405d7e 7371->7373 7372->7373 7374 404cec 7 API calls 7373->7374 7375 405d8b 7374->7375 7376 405d9e CreateFileMappingA 7375->7376 7377 405dbb 7376->7377 7379 405de0 7376->7379 7378 405dc5 MapViewOfFile 7377->7378 7378->7379 7381 404cec 7 API calls 7379->7381 7403 405ed8 7379->7403 7380 4031a0 7 API calls 7382 405fb9 7380->7382 7383 405e1e 7381->7383 7382->6807 7384 405e26 GetModuleHandleA 7383->7384 7385 404cec 7 API calls 7384->7385 7386 405e3b 7385->7386 7387 405e43 GetModuleHandleA 7386->7387 7388 404cec 7 API calls 7387->7388 7389 405e58 7388->7389 7390 405e60 GetProcAddress 7389->7390 7391 405e6c 7390->7391 7392 404cec 7 API calls 7391->7392 7393 405e7c 7392->7393 7394 405e84 GetProcAddress 7393->7394 7395 405e90 7394->7395 7396 404cec 7 API calls 7395->7396 7397 405ea0 7396->7397 7398 405ea8 GetProcAddress 7397->7398 7399 405eb4 7398->7399 7400 404cec 7 API calls 7399->7400 7401 405ec4 7400->7401 7402 405ecc GetProcAddress 7401->7402 7402->7403 7403->7380 7405 405bf8 7404->7405 7406 4056c4 7 API calls 7405->7406 7407 405c04 7406->7407 7408 405c3a 7407->7408 7409 405764 7 API calls 7407->7409 7408->6812 7414 4063d8 7408->7414 7412 405c19 7409->7412 7410 405c34 CloseHandle 7410->7408 7411 405c23 7411->7410 7412->7410 7412->7411 7413 405788 7 API calls 7412->7413 7413->7412 7415 4063ed 7414->7415 7434 40589c GetVersionExA SetLastError 7414->7434 7417 406479 7415->7417 7418 40640d SuspendThread GetThreadContext 7415->7418 7417->6816 7419 406460 ResumeThread PostThreadMessageA 7418->7419 7420 40642f SetThreadContext 7418->7420 7419->7417 7420->7419 7422 406491 VirtualFreeEx 7421->7422 7423 4064a9 7421->7423 7422->7423 7424 4064b2 VirtualFreeEx 7423->7424 7425 4064ca 7423->7425 7424->7425 7426 4064d3 CloseHandle 7425->7426 7427 4064de 7425->7427 7426->7427 7427->6796 7432 402794 7428->7432 7430 4045c3 CreateWindowExA 7431 4045fd 7430->7431 7431->7326 7432->7430 7433->7338 7435 4058e0 7434->7435 7436 4058d4 7434->7436 7459 4057e4 7435->7459 7451 4059a8 7436->7451 7441 4057e4 9 API calls 7442 4058f4 IsBadHugeReadPtr 7441->7442 7443 405909 7442->7443 7450 405902 7442->7450 7444 4057e4 9 API calls 7443->7444 7443->7450 7445 40591e GetCurrentProcessId 7444->7445 7446 405929 GetCurrentProcess 7445->7446 7448 405932 7445->7448 7447 405949 GetCurrentProcess DuplicateHandle GetCurrentProcess 7446->7447 7449 40596e CloseHandle 7447->7449 7447->7450 7448->7447 7448->7450 7449->7450 7450->7415 7452 404cec 7 API calls 7451->7452 7453 4059cb 7452->7453 7454 404cec 7 API calls 7453->7454 7455 4059eb 7454->7455 7456 4059f3 GetProcAddress NtOpenThread FreeLibrary 7455->7456 7457 4031a0 7 API calls 7456->7457 7458 4058db 7457->7458 7458->7450 7460 4057e9 7459->7460 7461 404cec 7 API calls 7460->7461 7462 405807 7461->7462 7463 404cec 7 API calls 7462->7463 7464 40581d 7463->7464 7469 405a98 GetModuleHandleA 7464->7469 7467 4031a0 7 API calls 7468 405855 7467->7468 7468->7441 7470 405aaf GetProcAddress 7469->7470 7471 40582b 7469->7471 7470->7471 7471->7467 7473 41150f 7472->7473 7490 4113c4 7473->7490 7476 41156f 7477 406644 68 API calls 7477->7476 7478 4056c4 7 API calls 7478->7476 7480 4063d8 26 API calls 7480->7476 7528 410094 7482->7528 7484 41165d 7486 4116c5 7485->7486 7487 4116e8 GetDriveTypeA 7486->7487 7489 41172a 7486->7489 7554 412274 7486->7554 7487->7486 7491 4113de 7490->7491 7492 411466 CreateFileA WriteFile 7491->7492 7493 411488 7491->7493 7492->7493 7493->7477 7493->7478 7493->7480 7494 40663e 7493->7494 7521 4063d6 7493->7521 7495 406644 7494->7495 7496 406663 7495->7496 7497 406679 7495->7497 7498 405ad0 17 API calls 7496->7498 7501 405ad0 17 API calls 7497->7501 7499 40666d 7498->7499 7500 406734 7499->7500 7502 40655c 8 API calls 7499->7502 7500->7476 7505 40668f 7501->7505 7503 4066bf 7502->7503 7504 405c7c GetVersionExA 7503->7504 7506 4066c4 7504->7506 7505->7499 7505->7500 7509 405ad0 17 API calls 7505->7509 7507 4066d1 7506->7507 7508 4066c8 7506->7508 7513 406080 30 API calls 7507->7513 7510 405cfc 17 API calls 7508->7510 7509->7499 7511 4066cf 7510->7511 7512 4066e4 7511->7512 7514 405be0 10 API calls 7511->7514 7512->7500 7512->7511 7513->7512 7515 4066ef 7514->7515 7516 40672b 7515->7516 7517 4063d8 26 API calls 7515->7517 7518 406488 3 API calls 7516->7518 7520 4066fc 7517->7520 7518->7500 7519 406714 GetMessageA 7519->7516 7519->7520 7520->7516 7520->7519 7522 40589c 21 API calls 7521->7522 7524 4063ed 7522->7524 7523 406479 7523->7476 7524->7523 7525 40640d SuspendThread GetThreadContext 7524->7525 7526 406460 ResumeThread PostThreadMessageA 7525->7526 7527 40642f SetThreadContext 7525->7527 7526->7523 7527->7526 7529 4100e8 LoadLibraryA 7528->7529 7531 41013a GetProcAddress 7529->7531 7533 410161 Icmp6CreateFile 7531->7533 7537 4101b6 7533->7537 7535 41038e 7535->7484 7536 410266 IcmpSendEcho 7536->7537 7537->7535 7537->7536 7539 41070c 7537->7539 7540 410714 7539->7540 7542 410831 7540->7542 7543 410494 7540->7543 7542->7537 7544 4104ad LookupAccountNameA 7543->7544 7546 410540 GetSidIdentifierAuthority GetSidSubAuthorityCount 7544->7546 7552 410682 7544->7552 7547 410565 7546->7547 7551 410586 7546->7551 7548 41056e GetSidSubAuthority 7547->7548 7548->7548 7548->7551 7549 410588 AllocateAndInitializeSid 7549->7551 7553 4105f0 7549->7553 7550 41061a AllocateAndInitializeSid 7550->7552 7550->7553 7551->7549 7551->7553 7552->7542 7553->7550 7553->7552 7555 41227d 7554->7555 7557 4122bd 7555->7557 7572 41209c 7555->7572 7558 4128d4 7557->7558 7559 412310 FindFirstFileA 7557->7559 7558->7486 7560 412321 7559->7560 7561 4123cf 7559->7561 7562 4123c0 FindNextFileA 7560->7562 7561->7558 7563 412426 FindFirstFileA 7561->7563 7562->7560 7562->7561 7564 4124b3 FindFirstFileA 7563->7564 7566 412437 7563->7566 7564->7558 7569 4124ef 7564->7569 7568 4124a8 FindNextFileA 7566->7568 7567 4128c5 FindNextFileA 7567->7558 7567->7569 7568->7564 7568->7566 7569->7567 7570 41287a Sleep 7569->7570 7571 412274 SetFileAttributesA 7569->7571 7570->7569 7571->7567 7573 4120a4 7572->7573 7574 412138 7573->7574 7575 412225 SetFileAttributesA 7573->7575 7574->7557 7575->7574

                                                                                                        Executed Functions

                                                                                                        Function 00408E18 Relevance: 35.3, APIs: 16, Strings: 4, Instructions: 321sleepthreadfileCOMMON
                                                                                                        Download Yara Rule

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 0 408e18-408e71 1 408e73-408e7f GetACP 0->1 2 408e85-408eb5 call 402724 * 2 call 404af8 0->2 1->2 3 4092f0-409315 call 4031a0 call 40317c 1->3 14 408ebb-408ed5 ReadFile 2->14 15 408f8e-408f9a call 404be8 2->15 16 408f88-408f89 CloseHandle 14->16 17 408edb-408ee2 14->17 15->3 22 408fa0-408fc6 call 404be8 call 405424 15->22 16->15 17->16 19 408ee8-408efe call 4035bc 17->19 25 408f00-408f1d call 402724 19->25 26 408f1f-408f27 19->26 22->3 35 408fcc-408fdf call 404be8 22->35 29 408f2c-408f47 GlobalAlloc 25->29 26->29 29->16 31 408f49-408f84 call 402494 call 40493c ReadFile 29->31 31->16 43 408f86 31->43 44 408fe1-408fe7 call 4026c4 35->44 45 409045-409053 call 408cec 35->45 43->16 50 409058-409075 call 408060 GetLocalTime 44->50 51 408fe9-40900c call 402724 call 403508 44->51 45->50 52 409053 call 4086ac 45->52 50->3 57 40907b-409083 50->57 51->50 63 40900e-409017 51->63 52->50 59 409085-409094 57->59 60 4090b7-4090b9 57->60 59->3 62 40909a-4090a2 59->62 60->3 64 4090bf-4090e3 call 403214 call 408c70 60->64 62->60 65 4090a4-4090b1 62->65 66 409020-409026 63->66 64->3 75 4090e9-4091aa call 4035bc call 403374 call 407a14 call 4035bc call 4047cc call 403374 call 407964 call 4035bc call 4047cc call 408cec CreateThread 64->75 65->3 65->60 68 409028-409043 Sleep call 408cec call 4086ac 66->68 69 409019-40901b Sleep 66->69 68->50 69->66 100 4091d3-4091e3 75->100 101 4091ac-4091ce Sleep CreateThread 75->101 102 4091e9-409206 CreateThread 100->102 103 40928f-409296 100->103 101->100 102->103 104 40920b-409211 103->104 105 40929c-4092a3 103->105 106 409213-409224 Sleep 104->106 107 40924f-409265 call 404564 104->107 105->104 108 4092a9-4092b0 105->108 109 4092c2-4092c9 106->109 110 40922a-40924d call 4035bc call 406644 106->110 119 409267-40926e 107->119 120 409288-40928a Sleep 107->120 108->104 112 4092b6-4092bc 108->112 113 4092e7-4092e9 109->113 114 4092cb-4092e2 call 4035bc call 406644 109->114 110->109 112->104 112->109 113->3 114->113 119->109 123 409270-409283 TranslateMessage DispatchMessageA 119->123 120->103 123->120
                                                                                                        APIs
                                                                                                        • GetACP.KERNEL32(00000000,00409316), ref: 00408E78
                                                                                                        • ReadFile.KERNEL32(00000000,?,00000100,?,00000000,00000000,00409316), ref: 00408ECE
                                                                                                        • GlobalAlloc.KERNEL32(00000000,01000000,00000000,?,00000100,?,00000000,00000000,00409316), ref: 00408F33
                                                                                                        • ReadFile.KERNEL32(00000000,004149B4,004149C8,00000100,00000000,00000000,01000000,00000000,?,00000100,?,00000000,00000000,00409316), ref: 00408F76
                                                                                                        • CloseHandle.KERNEL32(00000000,00000000,?,00000100,?,00000000,00000000,00409316), ref: 00408F89
                                                                                                        • Sleep.KERNEL32(00000064), ref: 0040901B
                                                                                                        • Sleep.KERNEL32(000000C8,00000064), ref: 0040902D
                                                                                                        • GetLocalTime.KERNEL32(?), ref: 00409061
                                                                                                        • CreateThread.KERNEL32(00000000,00000000,004114D8,00000000,00000000,?), ref: 00409195
                                                                                                        • Sleep.KERNEL32(00007530,00000000,00000000,004114D8,00000000,00000000,?), ref: 004091B1
                                                                                                        • CreateThread.KERNEL32(00000000,00000000,004116A4,00000000,00000000,?), ref: 004091CE
                                                                                                          • Part of subcall function 00408CEC: WinExec.KERNEL32(00000000,00000000), ref: 00408D60
                                                                                                          • Part of subcall function 00408CEC: CreateThread.KERNEL32(00000000,00000000,Function_00007C5C,00000000,00000000,?), ref: 00408D76
                                                                                                          • Part of subcall function 00408CEC: Sleep.KERNEL32(000003E8,00000000,00000000,Function_00007C5C,00000000,00000000,?,00000000,00000000,00000000,00408DA0,?,00000000,00000000,00000000,00000000), ref: 00408D80
                                                                                                          • Part of subcall function 004086AC: WriteFile.KERNEL32(00000000,004149B4,004149C8,?,00000000,00000000,0040883E), ref: 00408740
                                                                                                          • Part of subcall function 004086AC: CloseHandle.KERNEL32(00000000,00000000,004149B4,004149C8,?,00000000,00000000,0040883E), ref: 00408746
                                                                                                        • CreateThread.KERNEL32(00000000,00000000,00411644,00000000,00000000,00000001), ref: 00409201
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: CreateSleepThread$File$CloseHandleRead$AllocExecGlobalLocalTimeWrite
                                                                                                        • String ID: 1A$2 :$3 :$4 :
                                                                                                        • API String ID: 3551504876-3247928596
                                                                                                        • Opcode ID: 5d1eab859ab59939996dd36fca5abacf0a5352ec25b1c13e0fc69a23ab271e8e
                                                                                                        • Instruction ID: 31187518035da60b80792194ae1518fb119b86c01197a01914ab64baf7b5bcc9
                                                                                                        • Opcode Fuzzy Hash: 5d1eab859ab59939996dd36fca5abacf0a5352ec25b1c13e0fc69a23ab271e8e
                                                                                                        • Instruction Fuzzy Hash: 25D191707002459BDB20EBA5CD81BDA77A5AB85308F5084BAE504BB3E2DB7C9D44CB6D
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00406080 Relevance: 30.0, APIs: 13, Strings: 4, Instructions: 216libraryloadermemoryCOMMON
                                                                                                        Download Yara Rule

                                                                                                        Control-flow Graph

                                                                                                        APIs
                                                                                                        • OpenProcess.KERNEL32(001F0FFF,00000000,00000000,00000000,0040633B), ref: 004060F1
                                                                                                        • VirtualAllocEx.KERNEL32(004146D8,00000000,00000034,00001000,00000040,001F0FFF,00000000,00000000,00000000,0040633B), ref: 00406118
                                                                                                        • VirtualAllocEx.KERNEL32(004146D8,00000000,00000001,00001000,00000004,004146D8,00000000,00000028,00001000,00000040,001F0FFF,00000000,00000000,00000000,0040633B), ref: 0040613D
                                                                                                        • GetModuleHandleA.KERNEL32(00000000,004146D8,00000000,00000001,00001000,00000004,004146D8,00000000,00000028,00001000,00000040,001F0FFF,00000000,00000000,00000000,0040633B), ref: 00406177
                                                                                                        • GetModuleHandleA.KERNEL32(00000000,00000000,004146D8,00000000,00000001,00001000,00000004,004146D8,00000000,00000028,00001000,00000040,001F0FFF,00000000,00000000,00000000), ref: 00406194
                                                                                                        • GetProcAddress.KERNEL32(00000000,00000000), ref: 004061B2
                                                                                                        • GetProcAddress.KERNEL32(00000000,00000000), ref: 004061D6
                                                                                                        • GetProcAddress.KERNEL32(00000000,00000000), ref: 004061FA
                                                                                                        • GetProcAddress.KERNEL32(00000000,00000000), ref: 0040621E
                                                                                                        • WriteProcessMemory.KERNEL32(004146D8,004146E8,004147B8,00000001,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,004146D8), ref: 00406255
                                                                                                        • GlobalAlloc.KERNEL32(00000000,00000034,004146D8,004146E8,004147B8,00000001,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040625D
                                                                                                        • WriteProcessMemory.KERNEL32(004146D8,004146E4,00000000,00000028,?,00000000,00000028,004146D8,004146E8,004147B8,00000001,?,00000000,00000000,00000000,00000000), ref: 00406311
                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 00406317
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: AddressProc$AllocProcess$GlobalHandleMemoryModuleVirtualWrite$FreeOpen
                                                                                                        • String ID: """"$3333$DDDD$UUUU
                                                                                                        • API String ID: 2728477586-898782787
                                                                                                        • Opcode ID: 28628f27002fbf08044838b70cb9772b018e45f47a271e9cab4e642c28808ec0
                                                                                                        • Instruction ID: cd4a34db083633d98d52f530c1bedad2a926e921ca23923ee29b4f10b1bf4e52
                                                                                                        • Opcode Fuzzy Hash: 28628f27002fbf08044838b70cb9772b018e45f47a271e9cab4e642c28808ec0
                                                                                                        • Instruction Fuzzy Hash: A5716371A042049BDB01EBA9D881ADE7AA8EB85318F12807FF901B73D1C77C5D518BAD
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 0040607E Relevance: 19.7, APIs: 13, Instructions: 189libraryloadermemoryCOMMON
                                                                                                        Download Yara Rule

                                                                                                        Control-flow Graph

                                                                                                        APIs
                                                                                                        • OpenProcess.KERNEL32(001F0FFF,00000000,00000000,00000000,0040633B), ref: 004060F1
                                                                                                        • VirtualAllocEx.KERNEL32(004146D8,00000000,00000034,00001000,00000040,001F0FFF,00000000,00000000,00000000,0040633B), ref: 00406118
                                                                                                        • VirtualAllocEx.KERNEL32(004146D8,00000000,00000001,00001000,00000004,004146D8,00000000,00000028,00001000,00000040,001F0FFF,00000000,00000000,00000000,0040633B), ref: 0040613D
                                                                                                        • GetModuleHandleA.KERNEL32(00000000,004146D8,00000000,00000001,00001000,00000004,004146D8,00000000,00000028,00001000,00000040,001F0FFF,00000000,00000000,00000000,0040633B), ref: 00406177
                                                                                                        • GetModuleHandleA.KERNEL32(00000000,00000000,004146D8,00000000,00000001,00001000,00000004,004146D8,00000000,00000028,00001000,00000040,001F0FFF,00000000,00000000,00000000), ref: 00406194
                                                                                                        • GetProcAddress.KERNEL32(00000000,00000000), ref: 004061B2
                                                                                                        • GetProcAddress.KERNEL32(00000000,00000000), ref: 004061D6
                                                                                                        • GetProcAddress.KERNEL32(00000000,00000000), ref: 004061FA
                                                                                                        • GetProcAddress.KERNEL32(00000000,00000000), ref: 0040621E
                                                                                                        • WriteProcessMemory.KERNEL32(004146D8,004146E8,004147B8,00000001,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,004146D8), ref: 00406255
                                                                                                        • GlobalAlloc.KERNEL32(00000000,00000034,004146D8,004146E8,004147B8,00000001,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040625D
                                                                                                        • WriteProcessMemory.KERNEL32(004146D8,004146E4,00000000,00000028,?,00000000,00000028,004146D8,004146E8,004147B8,00000001,?,00000000,00000000,00000000,00000000), ref: 00406311
                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 00406317
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: AddressProc$AllocProcess$GlobalHandleMemoryModuleVirtualWrite$FreeOpen
                                                                                                        • String ID:
                                                                                                        • API String ID: 2728477586-0
                                                                                                        • Opcode ID: 4c48b852da36243c5722a5837c3e46dd5900e29b1ab7e78f8f35d8c94ae288fe
                                                                                                        • Instruction ID: 927e129adec779722ae648cd73d58bb3dc1713892359062363fe12cb42dc54f6
                                                                                                        • Opcode Fuzzy Hash: 4c48b852da36243c5722a5837c3e46dd5900e29b1ab7e78f8f35d8c94ae288fe
                                                                                                        • Instruction Fuzzy Hash: BB614270A05204ABDB01EBA9D841BDE7AA8EB85308F11807FF905B72D1D67C5E548B6C
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00412270 Relevance: 14.4, APIs: 7, Strings: 1, Instructions: 388filesleepCOMMON
                                                                                                        Download Yara Rule

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 478 412270-412278 479 41227d-412282 478->479 479->479 480 412284-4122b3 479->480 482 4122c5-41231b FindFirstFileA 480->482 483 4122b5-4122bf call 41209c 480->483 494 412321-412323 482->494 495 4123d5-4123d9 482->495 483->482 487 4128da-4128ff 483->487 496 412325-412345 call 41176c 494->496 497 412347-412349 494->497 495->487 498 4123df-412431 FindFirstFileA 495->498 496->497 510 4123c0-4123c9 FindNextFileA 496->510 499 41234b 497->499 500 41234f-412352 497->500 518 412437-41243a 498->518 519 4124b9-4124e9 FindFirstFileA 498->519 499->500 502 412354-412388 500->502 503 41238e-4123bb call 41299c 500->503 502->503 503->510 510->494 513 4123cf 510->513 513->495 520 412476-4124b1 call 41299c FindNextFileA 518->520 521 41243c-412470 518->521 519->487 528 4124ef-4124f2 519->528 520->518 535 4124b3 520->535 521->520 530 4128c5-4128ce FindNextFileA 528->530 531 4124f8-41251b 528->531 530->528 534 4128d4 530->534 531->530 538 412521-412544 531->538 534->487 535->519 538->530 541 41254a-412570 538->541 541->530 544 412576-41259c 541->544 544->530 547 4125a2-4125c8 544->547 547->530 550 4125ce-4125f4 547->550 550->530 553 4125fa-412620 550->553 553->530 556 412626-41264c 553->556 556->530 559 412652-412678 556->559 559->530 562 41267e-4126b3 559->562 566 4126b9-4126df 562->566 567 41286d-412878 562->567 566->530 573 4126e5-41270b 566->573 570 412884-4128c0 call 412274 567->570 571 41287a-41287f Sleep 567->571 570->530 571->570 573->530 579 412711-412737 573->579 579->530 582 41273d-412763 579->582 582->530 585 412769-41278f 582->585 585->530 588 412795-4127bb 585->588 588->530 591 4127c1-4127e7 588->591 591->530 594 4127ed-412813 591->594 594->530 597 412819-41283f 594->597 597->530 600 412845-41286b 597->600 600->530 600->567
                                                                                                        APIs
                                                                                                        • FindFirstFileA.KERNELBASE(00000000,?,?,?,?,0000003A,00000000,00000000,?,?,0041170D,00000000,00411717), ref: 00412311
                                                                                                        • FindNextFileA.KERNELBASE(00000000,?,?,?,?,?,0000003A,00000000,00000000,?,?,0041170D,00000000,00411717), ref: 004123C2
                                                                                                        • FindFirstFileA.KERNELBASE(00000000,?,?,?,?,0000003A,00000000,00000000,?,?,0041170D,00000000,00411717), ref: 00412427
                                                                                                        • FindNextFileA.KERNELBASE(00000000,?,?,?,?,?,0000003A,00000000,00000000,?,?,0041170D,00000000,00411717), ref: 004124AA
                                                                                                        • FindFirstFileA.KERNELBASE(00000000,?,?,?,?,0000003A,00000000,00000000,?,?,0041170D,00000000,00411717), ref: 004124DF
                                                                                                        • Sleep.KERNELBASE(000003E8,?,?,?,?,0000003A,00000000,00000000,?,?,0041170D,00000000,00411717), ref: 0041287F
                                                                                                        • FindNextFileA.KERNELBASE(00000000,?,?,?,?,?,0000003A,00000000,00000000,?,?,0041170D,00000000,00411717), ref: 004128C7
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000410000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_410000_1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: FileFind$FirstNext$Sleep
                                                                                                        • String ID: *.*
                                                                                                        • API String ID: 2971149947-438819550
                                                                                                        • Opcode ID: d68437cfec3259497949d69f4fba89faba0e572a6781d6cbd47a5228008fc1e0
                                                                                                        • Instruction ID: f4e0f3435a412f8ed0251d01937a0047a7beb343ccb8b1a1dcbbc5446864f455
                                                                                                        • Opcode Fuzzy Hash: d68437cfec3259497949d69f4fba89faba0e572a6781d6cbd47a5228008fc1e0
                                                                                                        • Instruction Fuzzy Hash: 1BF1227060015E9BDB10EB21D981ADEB7B9AF85304F0041FAE904B7395DBB8AF95CF58
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00412274 Relevance: 14.4, APIs: 7, Strings: 1, Instructions: 386filesleepCOMMON
                                                                                                        Download Yara Rule

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 603 412274-412278 604 41227d-412282 603->604 604->604 605 412284-4122b3 604->605 607 4122c5-41231b FindFirstFileA 605->607 608 4122b5-4122b8 call 41209c 605->608 619 412321-412323 607->619 620 4123d5-4123d9 607->620 610 4122bd-4122bf 608->610 610->607 612 4128da-4128ff 610->612 621 412325-412345 call 41176c 619->621 622 412347-412349 619->622 620->612 623 4123df-412431 FindFirstFileA 620->623 621->622 635 4123c0-4123c9 FindNextFileA 621->635 624 41234b 622->624 625 41234f-412352 622->625 643 412437-41243a 623->643 644 4124b9-4124e9 FindFirstFileA 623->644 624->625 627 412354-412388 625->627 628 41238e-4123bb call 41299c 625->628 627->628 628->635 635->619 638 4123cf 635->638 638->620 645 412476-4124b1 call 41299c FindNextFileA 643->645 646 41243c-412470 643->646 644->612 653 4124ef-4124f2 644->653 645->643 660 4124b3 645->660 646->645 655 4128c5-4128ce FindNextFileA 653->655 656 4124f8-41251b 653->656 655->653 659 4128d4 655->659 656->655 663 412521-412544 656->663 659->612 660->644 663->655 666 41254a-412570 663->666 666->655 669 412576-41259c 666->669 669->655 672 4125a2-4125c8 669->672 672->655 675 4125ce-4125f4 672->675 675->655 678 4125fa-412620 675->678 678->655 681 412626-41264c 678->681 681->655 684 412652-412678 681->684 684->655 687 41267e-4126b3 684->687 691 4126b9-4126df 687->691 692 41286d-412878 687->692 691->655 698 4126e5-41270b 691->698 695 412884-4128c0 call 412274 692->695 696 41287a-41287f Sleep 692->696 695->655 696->695 698->655 704 412711-412737 698->704 704->655 707 41273d-412763 704->707 707->655 710 412769-41278f 707->710 710->655 713 412795-4127bb 710->713 713->655 716 4127c1-4127e7 713->716 716->655 719 4127ed-412813 716->719 719->655 722 412819-41283f 719->722 722->655 725 412845-41286b 722->725 725->655 725->692
                                                                                                        APIs
                                                                                                        • FindFirstFileA.KERNELBASE(00000000,?,?,?,?,0000003A,00000000,00000000,?,?,0041170D,00000000,00411717), ref: 00412311
                                                                                                        • FindNextFileA.KERNELBASE(00000000,?,?,?,?,?,0000003A,00000000,00000000,?,?,0041170D,00000000,00411717), ref: 004123C2
                                                                                                        • FindFirstFileA.KERNELBASE(00000000,?,?,?,?,0000003A,00000000,00000000,?,?,0041170D,00000000,00411717), ref: 00412427
                                                                                                        • FindNextFileA.KERNELBASE(00000000,?,?,?,?,?,0000003A,00000000,00000000,?,?,0041170D,00000000,00411717), ref: 004124AA
                                                                                                        • FindFirstFileA.KERNELBASE(00000000,?,?,?,?,0000003A,00000000,00000000,?,?,0041170D,00000000,00411717), ref: 004124DF
                                                                                                        • Sleep.KERNELBASE(000003E8,?,?,?,?,0000003A,00000000,00000000,?,?,0041170D,00000000,00411717), ref: 0041287F
                                                                                                        • FindNextFileA.KERNELBASE(00000000,?,?,?,?,?,0000003A,00000000,00000000,?,?,0041170D,00000000,00411717), ref: 004128C7
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000410000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_410000_1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: FileFind$FirstNext$Sleep
                                                                                                        • String ID: *.*
                                                                                                        • API String ID: 2971149947-438819550
                                                                                                        • Opcode ID: abdf2c05c2abdae0e476e2ca05ec542183d4025cf41a4b7ea0b6a443805a74d1
                                                                                                        • Instruction ID: ebef391a05de77384a9e2c1304374f07d4c1e0ce7ede3ef647f8066e57270058
                                                                                                        • Opcode Fuzzy Hash: abdf2c05c2abdae0e476e2ca05ec542183d4025cf41a4b7ea0b6a443805a74d1
                                                                                                        • Instruction Fuzzy Hash: FEF1227060015E9BDB10EB21D981ADEB7B9AF85304F0041FAE904B7395DBB8AF95CF58
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00404A7E Relevance: 6.0, APIs: 4, Instructions: 38timefileCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • FindFirstFileA.KERNEL32(00000000,?), ref: 00404A9B
                                                                                                        • FindClose.KERNEL32(00000000,00000000,?), ref: 00404AA6
                                                                                                        • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00404ABF
                                                                                                        • FileTimeToDosDateTime.KERNEL32(?,?,?), ref: 00404AD0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: FileTime$Find$CloseDateFirstLocal
                                                                                                        • String ID:
                                                                                                        • API String ID: 2659516521-0
                                                                                                        • Opcode ID: 7b85eac4b1a3a279762918128a7321b9e4af7a625b8e2597bd63167db8fde467
                                                                                                        • Instruction ID: cfb66d97a4458620e32502547ffaf112c731477f4709f29ce1b2c81448899ab5
                                                                                                        • Opcode Fuzzy Hash: 7b85eac4b1a3a279762918128a7321b9e4af7a625b8e2597bd63167db8fde467
                                                                                                        • Instruction Fuzzy Hash: 1BF0F4F5E0020CA6CB10EAE58C85ADF73AC9B44314F1016B7BA25F21D1EA78DB484B58
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00404A80 Relevance: 6.0, APIs: 4, Instructions: 37timefileCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • FindFirstFileA.KERNEL32(00000000,?), ref: 00404A9B
                                                                                                        • FindClose.KERNEL32(00000000,00000000,?), ref: 00404AA6
                                                                                                        • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00404ABF
                                                                                                        • FileTimeToDosDateTime.KERNEL32(?,?,?), ref: 00404AD0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: FileTime$Find$CloseDateFirstLocal
                                                                                                        • String ID:
                                                                                                        • API String ID: 2659516521-0
                                                                                                        • Opcode ID: 37400f56178e18522c05aaa80bf6c1d029f4f59d01df38f0252a9af7f1f688aa
                                                                                                        • Instruction ID: 0e455afea8bf352f7f4128c1cdc1dcdba9d206b0f22ed3badb52487a0127e13d
                                                                                                        • Opcode Fuzzy Hash: 37400f56178e18522c05aaa80bf6c1d029f4f59d01df38f0252a9af7f1f688aa
                                                                                                        • Instruction Fuzzy Hash: 1DF018F5E0020CA6CB10EAE58C85ACF73AC5B44314F1016B7BA25F31D1EA78DB484B58
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004056C4 Relevance: 1.5, APIs: 1, Instructions: 17processCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                          • Part of subcall function 00405564: GetProcAddress.KERNEL32(004146AC,Process32First), ref: 004055AD
                                                                                                          • Part of subcall function 00405564: GetProcAddress.KERNEL32(004146AC,Process32Next), ref: 004055C2
                                                                                                          • Part of subcall function 00405564: GetProcAddress.KERNEL32(004146AC,Module32First), ref: 004055D7
                                                                                                          • Part of subcall function 00405564: GetProcAddress.KERNEL32(004146AC,Module32Next), ref: 004055EC
                                                                                                          • Part of subcall function 00405564: GetProcAddress.KERNEL32(004146AC,Thread32First), ref: 00405601
                                                                                                          • Part of subcall function 00405564: GetProcAddress.KERNEL32(004146AC,Thread32Next), ref: 00405616
                                                                                                        • CreateToolhelp32Snapshot.KERNEL32(0000000F,00000000), ref: 004056D5
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: AddressProc$CreateSnapshotToolhelp32
                                                                                                        • String ID:
                                                                                                        • API String ID: 2688753548-0
                                                                                                        • Opcode ID: ed686f120850da3fa21e12ba61e2b86cd2cec54570dc07a72cbb959f57b5ab63
                                                                                                        • Instruction ID: 839ee6cb28266a594e12e68f3bea0dce787f96421da71bbe92e1000953d39c0a
                                                                                                        • Opcode Fuzzy Hash: ed686f120850da3fa21e12ba61e2b86cd2cec54570dc07a72cbb959f57b5ab63
                                                                                                        • Instruction Fuzzy Hash: 97C080A270162057CF1066F53CC44C3578DCD451F63180873B508E7142D63E4C0055E8
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00408E0D Relevance: 26.5, APIs: 11, Strings: 4, Instructions: 286filememoryCOMMON
                                                                                                        Download Yara Rule

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 199 408e0d-408e12 200 408e14-408e71 199->200 201 408df9-408e07 199->201 202 408e73-408e7f GetACP 200->202 203 408e85-408eb5 call 402724 * 2 call 404af8 200->203 201->199 202->203 204 4092f0-409315 call 4031a0 call 40317c 202->204 215 408ebb-408ed5 ReadFile 203->215 216 408f8e-408f93 call 404be8 203->216 217 408f88-408f89 CloseHandle 215->217 218 408edb-408ee2 215->218 221 408f98-408f9a 216->221 217->216 218->217 220 408ee8-408efe call 4035bc 218->220 226 408f00-408f1d call 402724 220->226 227 408f1f-408f27 220->227 221->204 223 408fa0-408fbf call 404be8 call 405424 221->223 234 408fc4-408fc6 223->234 230 408f2c-408f47 GlobalAlloc 226->230 227->230 230->217 232 408f49-408f5e call 402494 call 40493c 230->232 242 408f63-408f84 ReadFile 232->242 234->204 236 408fcc-408fd1 call 404be8 234->236 240 408fd6-408fdf 236->240 245 408fe1-408fe7 call 4026c4 240->245 246 409045-409053 call 408cec 240->246 242->217 244 408f86 242->244 244->217 251 409058 call 408060 245->251 252 408fe9-40900c call 402724 call 403508 245->252 246->251 253 409053 call 4086ac 246->253 256 40905d-409075 GetLocalTime 251->256 252->251 264 40900e-409017 252->264 253->251 256->204 258 40907b-409083 256->258 260 409085-409094 258->260 261 4090b7-4090b9 258->261 260->204 263 40909a-4090a2 260->263 261->204 265 4090bf-4090e3 call 403214 call 408c70 261->265 263->261 266 4090a4-4090b1 263->266 267 409020-409026 264->267 265->204 276 4090e9-409167 call 4035bc call 403374 call 407a14 call 4035bc call 4047cc call 403374 call 407964 call 4035bc call 4047cc 265->276 266->204 266->261 269 409028-40902d Sleep 267->269 270 409019-40901b Sleep 267->270 273 409037-40903e call 408cec call 4086ac 269->273 270->267 281 409043 273->281 297 40916c-4091aa call 408cec CreateThread 276->297 281->251 301 4091d3-4091e3 297->301 302 4091ac-4091ce Sleep CreateThread 297->302 303 4091e9-409206 CreateThread 301->303 304 40928f-409296 301->304 302->301 303->304 305 40920b-409211 304->305 306 40929c-4092a3 304->306 307 409213-409224 Sleep 305->307 308 40924f-409265 call 404564 305->308 306->305 309 4092a9-4092b0 306->309 310 4092c2-4092c9 307->310 311 40922a-40924d call 4035bc call 406644 307->311 320 409267-40926e 308->320 321 409288-40928a Sleep 308->321 309->305 313 4092b6-4092bc 309->313 314 4092e7-4092e9 310->314 315 4092cb-4092e2 call 4035bc call 406644 310->315 311->310 313->305 313->310 314->204 315->314 320->310 324 409270-409283 TranslateMessage DispatchMessageA 320->324 321->304 324->321
                                                                                                        APIs
                                                                                                        • GetACP.KERNEL32(00000000,00409316), ref: 00408E78
                                                                                                        • ReadFile.KERNEL32(00000000,?,00000100,?,00000000,00000000,00409316), ref: 00408ECE
                                                                                                        • GlobalAlloc.KERNEL32(00000000,01000000,00000000,?,00000100,?,00000000,00000000,00409316), ref: 00408F33
                                                                                                        • ReadFile.KERNEL32(00000000,004149B4,004149C8,00000100,00000000,00000000,01000000,00000000,?,00000100,?,00000000,00000000,00409316), ref: 00408F76
                                                                                                        • CloseHandle.KERNEL32(00000000,00000000,?,00000100,?,00000000,00000000,00409316), ref: 00408F89
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: FileRead$AllocCloseGlobalHandle
                                                                                                        • String ID: 1A$2 :$3 :$4 :
                                                                                                        • API String ID: 1786585087-3247928596
                                                                                                        • Opcode ID: 7f97a98487d6329b4b722e52c3310ae66b5ddcaec54b91d5c04cc878b7de7cbd
                                                                                                        • Instruction ID: fa824470f33526cf805d5829a02d5cdf9eb97ca2791961bf6d243a1e9f9e900c
                                                                                                        • Opcode Fuzzy Hash: 7f97a98487d6329b4b722e52c3310ae66b5ddcaec54b91d5c04cc878b7de7cbd
                                                                                                        • Instruction Fuzzy Hash: 7BB1A2707002459BDB10EFA5CD81BDA77A5AB85308F5084BAE904BB3E2DB7C9D44CB6D
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004088EC Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 196windowsleepCOMMON
                                                                                                        Download Yara Rule

                                                                                                        Control-flow Graph

                                                                                                        APIs
                                                                                                        • waveOutSetVolume.WINMM(00000000,00000000,00000000,?,00000000,00408BAD,?,?,?,?,00000000,00000000,?,00408C69), ref: 00408948
                                                                                                        • FindWindowA.USER32(00000000,00000000), ref: 00408980
                                                                                                        • FindWindowExA.USER32(00000000,00000000,00000000,00000000), ref: 004089B6
                                                                                                        • GetWindowTextA.USER32(00000000,?,00000100), ref: 004089D2
                                                                                                        • SendMessageA.USER32(00000000,000000F5,00000000,00000000), ref: 00408AE4
                                                                                                        • FindWindowExA.USER32(00000000,00000000,00000000,00000000), ref: 00408B12
                                                                                                        • SendMessageA.USER32(00000000,000000F5,00000000,00000000), ref: 00408B2E
                                                                                                        • FindWindowA.USER32(00000000,00000000), ref: 00408B51
                                                                                                        • SendMessageA.USER32(00000000,00000010,00000000,00000000), ref: 00408B63
                                                                                                        • Sleep.KERNEL32(00000064,00000000,00000010,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00408BAD), ref: 00408B6A
                                                                                                        • waveOutSetVolume.WINMM(00000000,00000000,00000064,00000000,00000000,00000000,00000000,00000000,?,00000000,00408BAD,?,?,?,?,00000000), ref: 00408B8A
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: Window$Find$MessageSend$Volumewave$SleepText
                                                                                                        • String ID: Lx9}$TJPm
                                                                                                        • API String ID: 986522139-2949040528
                                                                                                        • Opcode ID: 875e83536ce87544bb12eb9b98c781485ba00c548aaf1a0472f068ec2d9d4588
                                                                                                        • Instruction ID: 70d50d190c06535c6b69dc30afbd55c369f4475cc301b0dcc2bb84f9017a16b2
                                                                                                        • Opcode Fuzzy Hash: 875e83536ce87544bb12eb9b98c781485ba00c548aaf1a0472f068ec2d9d4588
                                                                                                        • Instruction Fuzzy Hash: C96165706042196BDB21EB958D82BDE767DAB84304F0044BFB644B62C1DEBCAF44CE5D
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004129F0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 106filetimeCOMMON
                                                                                                        Download Yara Rule

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 728 4129f0-4129f6 729 4129f8-412a10 ReadFile 728->729 730 412a2c 728->730 734 412a17-412a2a 729->734 731 412a2e-412a30 730->731 732 412b01-412b1c 731->732 733 412a36-412aa4 SetFilePointer * 2 731->733 745 412ae6-412afa SetFileTime 733->745 746 412aa6-412aaa 733->746 734->731 745->732 746->745 747 412aac-412ab0 746->747 747->745 748 412ab2-412acb SetFilePointer 747->748 748->745 749 412acd-412adf 748->749 749->745
                                                                                                        APIs
                                                                                                        • ReadFile.KERNELBASE(?,021C2020,?,?,00000000), ref: 00412A06
                                                                                                        • SetFilePointer.KERNELBASE(?,00000000,00000000,00000000), ref: 00412A46
                                                                                                        • SetFilePointer.KERNELBASE(?,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000,00000000), ref: 00412A6F
                                                                                                        • SetFilePointer.KERNELBASE(?,01BAD176,00000000,00000000,?,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000,00000000), ref: 00412AC4
                                                                                                        • SetFileTime.KERNELBASE(?,?,?,?,?,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000,00000000), ref: 00412AF3
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000410000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_410000_1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: File$Pointer$ReadTime
                                                                                                        • String ID: h$+A
                                                                                                        • API String ID: 3990174214-2537120419
                                                                                                        • Opcode ID: 7340ee21a37061dd577016fd315587a3f3007e7e5c0cfedd57d52de562b00754
                                                                                                        • Instruction ID: 989852666789e6a45b545c7e77325101b2d304f6167dd45a78c73f7cd03b08bd
                                                                                                        • Opcode Fuzzy Hash: 7340ee21a37061dd577016fd315587a3f3007e7e5c0cfedd57d52de562b00754
                                                                                                        • Instruction Fuzzy Hash: 92310CB17102046BDB10EBB59D82FEF73ADAB88714F10443BF501F7292DA78A9458B6C
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004063D6 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 54threadinjectionwindowCOMMON
                                                                                                        Download Yara Rule

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 751 4063d6-4063f9 call 40589c 754 406479-406484 751->754 755 4063fb-406402 751->755 755->754 756 406404-40640b 755->756 756->754 757 40640d-40642d SuspendThread GetThreadContext 756->757 758 406460-406477 ResumeThread PostThreadMessageA 757->758 759 40642f-40645b SetThreadContext 757->759 758->754 759->758
                                                                                                        APIs
                                                                                                          • Part of subcall function 0040589C: GetVersionExA.KERNEL32(00000094), ref: 004058BF
                                                                                                          • Part of subcall function 0040589C: SetLastError.KERNEL32(00000032,00000094), ref: 004058C6
                                                                                                        • SuspendThread.KERNEL32(004146D4,?,00000000,00000000,004066FC), ref: 00406413
                                                                                                        • GetThreadContext.KERNEL32(004146D4,?,004146D4), ref: 00406426
                                                                                                        • SetThreadContext.KERNEL32(004146D4,?,004146D4,?,004146D4,?,00000000,00000000,004066FC), ref: 0040645B
                                                                                                        • ResumeThread.KERNEL32(004146D4,004146D4,?,004146D4,?,00000000,00000000,004066FC), ref: 00406466
                                                                                                        • PostThreadMessageA.USER32(00000000,00000000,00000000,00000000), ref: 00406472
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: Thread$Context$ErrorLastMessagePostResumeSuspendVersion
                                                                                                        • String ID: FA
                                                                                                        • API String ID: 2443462671-1137249561
                                                                                                        • Opcode ID: be3fed72bbe8631bcf43b0372a98dd79e2cc6a7b36f130b3fcf7a5e5c6fdea86
                                                                                                        • Instruction ID: b2822fe96cfa7d7e2b9198ce47eaf27999aab1ae4d0bf51b3360f127cca78045
                                                                                                        • Opcode Fuzzy Hash: be3fed72bbe8631bcf43b0372a98dd79e2cc6a7b36f130b3fcf7a5e5c6fdea86
                                                                                                        • Instruction Fuzzy Hash: D91161716012009BD710EBA8ED45BDA33E8A7D6318F05443EB684A72D1C77C5D55CB5D
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004063D8 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 54threadinjectionwindowCOMMON
                                                                                                        Download Yara Rule

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 760 4063d8-4063e7 761 4063ed-4063f9 760->761 762 4063e8 call 40589c 760->762 763 406479-406484 761->763 764 4063fb-406402 761->764 762->761 764->763 765 406404-40640b 764->765 765->763 766 40640d-40642d SuspendThread GetThreadContext 765->766 767 406460-406477 ResumeThread PostThreadMessageA 766->767 768 40642f-40645b SetThreadContext 766->768 767->763 768->767
                                                                                                        APIs
                                                                                                          • Part of subcall function 0040589C: GetVersionExA.KERNEL32(00000094), ref: 004058BF
                                                                                                          • Part of subcall function 0040589C: SetLastError.KERNEL32(00000032,00000094), ref: 004058C6
                                                                                                        • SuspendThread.KERNEL32(004146D4,?,00000000,00000000,004066FC), ref: 00406413
                                                                                                        • GetThreadContext.KERNEL32(004146D4,?,004146D4), ref: 00406426
                                                                                                        • SetThreadContext.KERNEL32(004146D4,?,004146D4,?,004146D4,?,00000000,00000000,004066FC), ref: 0040645B
                                                                                                        • ResumeThread.KERNEL32(004146D4,004146D4,?,004146D4,?,00000000,00000000,004066FC), ref: 00406466
                                                                                                        • PostThreadMessageA.USER32(00000000,00000000,00000000,00000000), ref: 00406472
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: Thread$Context$ErrorLastMessagePostResumeSuspendVersion
                                                                                                        • String ID: FA
                                                                                                        • API String ID: 2443462671-1137249561
                                                                                                        • Opcode ID: c7ff3fe54ba034334d8f19d949008bba334a4d75187a0ec3ca37343fceace2c8
                                                                                                        • Instruction ID: f25b51f82493eb3f500b2ee623b37788a8000352358c6defb4b7ebffbe4ce2ab
                                                                                                        • Opcode Fuzzy Hash: c7ff3fe54ba034334d8f19d949008bba334a4d75187a0ec3ca37343fceace2c8
                                                                                                        • Instruction Fuzzy Hash: 1B116DB1601200ABD720EBA8ED45FDA33E8A796358F01443AB684A72E1C77C5D94CB6D
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00407654 Relevance: 9.1, APIs: 6, Instructions: 117COMMON
                                                                                                        Download Yara Rule

                                                                                                        Control-flow Graph

                                                                                                        APIs
                                                                                                          • Part of subcall function 004056C4: CreateToolhelp32Snapshot.KERNEL32(0000000F,00000000), ref: 004056D5
                                                                                                          • Part of subcall function 004056E4: Process32First.KERNEL32(00000000,?), ref: 004056F5
                                                                                                        • OpenProcess.KERNEL32(00000001,000000FF,?,00000000,004077D0,?,?,?,?,?,0040739B,00000000,00000010,00000000,00000000,00000000), ref: 0040771E
                                                                                                        • TerminateProcess.KERNEL32(00000000,00000000,00000001,000000FF,?,00000000,004077D0,?,?,?,?,?,0040739B,00000000,00000010,00000000), ref: 0040772C
                                                                                                        • CloseHandle.KERNEL32(00000000,00000000,00000000,00000001,000000FF,?,00000000,004077D0,?,?,?,?,?,0040739B,00000000,00000010), ref: 0040773B
                                                                                                        • TerminateProcess.KERNEL32(00000000,00000000,00000001,000000FF,?,00000000,004077D0,?,?,?,?,?,0040739B,00000000,00000010,00000000), ref: 0040776B
                                                                                                        • CloseHandle.KERNEL32(00000000,00000000,00000000,00000001,000000FF,?,00000000,004077D0,?,?,?,?,?,0040739B,00000000,00000010), ref: 0040777A
                                                                                                        • CloseHandle.KERNEL32(00000000,00000001,000000FF,?,00000000,004077D0,?,?,?,?,?,0040739B,00000000,00000010,00000000,00000000), ref: 004077A5
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: CloseHandleProcess$Terminate$CreateFirstOpenProcess32SnapshotToolhelp32
                                                                                                        • String ID:
                                                                                                        • API String ID: 3354056507-0
                                                                                                        • Opcode ID: 705e37a4d648908acfb4bd10255005f29ab90b7d93a47eef398d075e5594a4c3
                                                                                                        • Instruction ID: ec1c44e73d1f6081969ea4a7fab328dc911df8dbbbfe6cc0e152391e75d77423
                                                                                                        • Opcode Fuzzy Hash: 705e37a4d648908acfb4bd10255005f29ab90b7d93a47eef398d075e5594a4c3
                                                                                                        • Instruction Fuzzy Hash: 4741CA70A046455BDB10EB66CC81B9EB7E99F85344F1044BBB904F32C2DB7DAF418B5A
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00411898 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 288libraryloaderCOMMON
                                                                                                        Download Yara Rule

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 810 411898-41189f 811 4118a4-4118a9 810->811 811->811 812 4118ab-4118ca 811->812 814 4118d0-411991 812->814 815 411996-4119a0 812->815 814->815 816 4119a5-4119c0 815->816 822 4119c2-4119fa 816->822 831 411a71-411d16 822->831 832 4119fc-411a23 LoadLibraryA 822->832 832->831 840 411a25-411a6c GetProcAddress * 2 832->840 840->831
                                                                                                        APIs
                                                                                                        • LoadLibraryA.KERNELBASE(00000000,?,?,?,00000000,00000000), ref: 00411A12
                                                                                                        • GetProcAddress.KERNELBASE(004211F8,00000000,?,?,?,00000000,00000000), ref: 00411A41
                                                                                                        • GetProcAddress.KERNELBASE(004211F8,00000000,?,?,?,00000000,00000000), ref: 00411A67
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000410000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_410000_1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: AddressProc$LibraryLoad
                                                                                                        • String ID: ,|@$advapi32.dll
                                                                                                        • API String ID: 2238633743-2815055797
                                                                                                        • Opcode ID: cd6c08e0d22d54fe63c41944960151818dce7621df73a495a6295fa2416a5809
                                                                                                        • Instruction ID: 4d73f79455883c1a7442b75410d061cd21ccf9f1b9646b7a59d417ace13096b6
                                                                                                        • Opcode Fuzzy Hash: cd6c08e0d22d54fe63c41944960151818dce7621df73a495a6295fa2416a5809
                                                                                                        • Instruction Fuzzy Hash: 1AB11D78B012148BDB00FBE6D4419CD7769EB89304F50857BFA00BB366DB7CAE458A6D
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 0041189C Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 286libraryloaderCOMMON
                                                                                                        Download Yara Rule

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 901 41189c-41189f 902 4118a4-4118a9 901->902 902->902 903 4118ab-4118ca 902->903 905 4118d0-411991 903->905 906 411996-4119a0 903->906 905->906 907 4119a5-4119c0 906->907 913 4119c2-4119fa 907->913 922 411a71-411d16 913->922 923 4119fc-411a23 LoadLibraryA 913->923 923->922 931 411a25-411a6c GetProcAddress * 2 923->931 931->922
                                                                                                        APIs
                                                                                                        • LoadLibraryA.KERNELBASE(00000000,?,?,?,00000000,00000000), ref: 00411A12
                                                                                                        • GetProcAddress.KERNELBASE(004211F8,00000000,?,?,?,00000000,00000000), ref: 00411A41
                                                                                                        • GetProcAddress.KERNELBASE(004211F8,00000000,?,?,?,00000000,00000000), ref: 00411A67
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000410000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_410000_1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: AddressProc$LibraryLoad
                                                                                                        • String ID: ,|@$advapi32.dll
                                                                                                        • API String ID: 2238633743-2815055797
                                                                                                        • Opcode ID: ff978d542756aa9160157194455e40b396ce3757b988032c8642c1e7de99c216
                                                                                                        • Instruction ID: 5c145356b72dc4e399e978b090091b10d5f99751a2119c8a22f60241f882a9f5
                                                                                                        • Opcode Fuzzy Hash: ff978d542756aa9160157194455e40b396ce3757b988032c8642c1e7de99c216
                                                                                                        • Instruction Fuzzy Hash: 12B11E78B002148BDB00FBE6D4419CD7769EB89304F50857BFA00BB366DB7CAE458A6D
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00410094 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 225libraryfileloaderCOMMON
                                                                                                        Download Yara Rule

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 992 410094-4101d0 LoadLibraryA GetProcAddress Icmp6CreateFile 1009 4101d6-4101da 992->1009 1010 41038e-4103d8 992->1010 1011 4101e1 1009->1011 1013 4101e8-410201 1011->1013 1014 410372-41037c 1013->1014 1015 410207-41027b IcmpSendEcho 1013->1015 1014->1013 1016 410382-410388 1014->1016 1026 410281-41028b 1015->1026 1027 41035e-410366 1015->1027 1016->1010 1016->1011 1026->1027 1029 410291-410298 1026->1029 1027->1014 1030 410300-410322 1029->1030 1031 41029a-4102c2 call 41070c 1029->1031 1030->1027 1040 410324-41035b 1030->1040 1031->1030 1041 4102c4-4102fe 1031->1041 1040->1027 1041->1027
                                                                                                        APIs
                                                                                                        • LoadLibraryA.KERNELBASE(00000000,?,?,?,?,?,0041165D,00000000,00411692,?,?,00000000), ref: 00410122
                                                                                                        • GetProcAddress.KERNELBASE(?,00000000,?,?,?,?,?,0041165D,00000000,00411692,?,?,00000000), ref: 0041014A
                                                                                                        • Icmp6CreateFile.IPHLPAPI(?,?,?,?,?,0041165D,00000000,00411692,?,?,00000000), ref: 004101A1
                                                                                                        • IcmpSendEcho.IPHLPAPI(?,?,00000000,00000000,?,?,?,?,?,?,?,?,0041165D,00000000,00411692), ref: 00410270
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000410000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_410000_1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: AddressCreateEchoFileIcmpIcmp6LibraryLoadProcSend
                                                                                                        • String ID: @
                                                                                                        • API String ID: 1546838217-2766056989
                                                                                                        • Opcode ID: 090998e2a9fa0612ed6e2fde6769afd00e4812a0c87ed55cfdb0b3b5e4ba8b75
                                                                                                        • Instruction ID: ea6c8e924c377924d6be48547d6d4d8689407b3bf54211e04a827f606203445c
                                                                                                        • Opcode Fuzzy Hash: 090998e2a9fa0612ed6e2fde6769afd00e4812a0c87ed55cfdb0b3b5e4ba8b75
                                                                                                        • Instruction Fuzzy Hash: 7291F1B19001489FDB10EFA9D941ADEBBB9EF49304F1041BAE904F7291D7789E81CF58
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 0041008C Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 204libraryfileloaderCOMMON
                                                                                                        Download Yara Rule

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 1048 41008c-4101d0 LoadLibraryA GetProcAddress Icmp6CreateFile 1065 4101d6-4101da 1048->1065 1066 41038e-4103d8 1048->1066 1067 4101e1 1065->1067 1069 4101e8-410201 1067->1069 1070 410372-41037c 1069->1070 1071 410207-41027b IcmpSendEcho 1069->1071 1070->1069 1072 410382-410388 1070->1072 1082 410281-41028b 1071->1082 1083 41035e-410366 1071->1083 1072->1066 1072->1067 1082->1083 1085 410291-410298 1082->1085 1083->1070 1086 410300-410322 1085->1086 1087 41029a-4102c2 call 41070c 1085->1087 1086->1083 1096 410324-41035b 1086->1096 1087->1086 1097 4102c4-4102fe 1087->1097 1096->1083 1097->1083
                                                                                                        APIs
                                                                                                        • LoadLibraryA.KERNELBASE(00000000,?,?,?,?,?,0041165D,00000000,00411692,?,?,00000000), ref: 00410122
                                                                                                        • GetProcAddress.KERNELBASE(?,00000000,?,?,?,?,?,0041165D,00000000,00411692,?,?,00000000), ref: 0041014A
                                                                                                        • Icmp6CreateFile.IPHLPAPI(?,?,?,?,?,0041165D,00000000,00411692,?,?,00000000), ref: 004101A1
                                                                                                        • IcmpSendEcho.IPHLPAPI(?,?,00000000,00000000,?,?,?,?,?,?,?,?,0041165D,00000000,00411692), ref: 00410270
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000410000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_410000_1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: AddressCreateEchoFileIcmpIcmp6LibraryLoadProcSend
                                                                                                        • String ID: @
                                                                                                        • API String ID: 1546838217-2766056989
                                                                                                        • Opcode ID: ad15162664f2c066bcd502f36c717db744c3151eb10c131eb70ea1431a8cec3b
                                                                                                        • Instruction ID: 0cfcaaec187654064747d5965891f01ddf892f3e8ae8c5455fb1a4395a62d0d6
                                                                                                        • Opcode Fuzzy Hash: ad15162664f2c066bcd502f36c717db744c3151eb10c131eb70ea1431a8cec3b
                                                                                                        • Instruction Fuzzy Hash: 2A8112749042489FDB11EFA9D841ADEBBB8EF49304F1040BAE904F7292D7789E81CF58
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00408598 Relevance: 7.6, APIs: 5, Instructions: 85networkCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: CleanupStartupgethostbynamegethostname
                                                                                                        • String ID:
                                                                                                        • API String ID: 1171034671-0
                                                                                                        • Opcode ID: fb20915eb89fffe66af26c2a5e813def5d750ba9350e7eba459f9840fc0c2170
                                                                                                        • Instruction ID: db9c45a9494b50756ed017c7ce626e7458328609c70ad3b1079d0133dcaa53d7
                                                                                                        • Opcode Fuzzy Hash: fb20915eb89fffe66af26c2a5e813def5d750ba9350e7eba459f9840fc0c2170
                                                                                                        • Instruction Fuzzy Hash: DF2130B23081409BDB14FE69D9919AAB3A8EFC5314B10043FE681A73D2DA3AEC018749
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00408604 Relevance: 6.0, APIs: 4, Instructions: 35networkCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: CleanupStartupgethostbynamegethostnameinet_ntoa
                                                                                                        • String ID:
                                                                                                        • API String ID: 348263315-0
                                                                                                        • Opcode ID: c407d9dceb25f197fb26a5678a6ea3982c821a701fb4ca4be0cc37362abdc800
                                                                                                        • Instruction ID: 1aa325e4708fd81286ce95a6a2c09051f3b3550a0ef909aa871e50fece363696
                                                                                                        • Opcode Fuzzy Hash: c407d9dceb25f197fb26a5678a6ea3982c821a701fb4ca4be0cc37362abdc800
                                                                                                        • Instruction Fuzzy Hash: 8AF0B4F15042046BC210BAA59C41AAB73ACDFC4320F05083FB7C4A71C2EA7AE904876A
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004086AC Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 105fileCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                          • Part of subcall function 00408010: GetWindowsDirectoryA.KERNEL32(00000000,00000105), ref: 0040802B
                                                                                                          • Part of subcall function 00404948: CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,00000000,0040811C,00000000,00000000,00000000,00000000,004084AD), ref: 00404965
                                                                                                        • WriteFile.KERNEL32(00000000,004149B4,004149C8,?,00000000,00000000,0040883E), ref: 00408740
                                                                                                        • CloseHandle.KERNEL32(00000000,00000000,004149B4,004149C8,?,00000000,00000000,0040883E), ref: 00408746
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: File$CloseCreateDirectoryHandleWindowsWrite
                                                                                                        • String ID:
                                                                                                        • API String ID: 3593887667-3019521637
                                                                                                        • Opcode ID: ac882a85daceaedcced03ee18c68f7bcbdc649d90fe8a159bc3294c572d04f99
                                                                                                        • Instruction ID: b9d7a1adddb167e9c12515bb9ecde7dd1ef1d871406839d2c4ac7d83d588dd4c
                                                                                                        • Opcode Fuzzy Hash: ac882a85daceaedcced03ee18c68f7bcbdc649d90fe8a159bc3294c572d04f99
                                                                                                        • Instruction Fuzzy Hash: 79412FB19001189BCB50FB65CD42ACE77FCAB48304F5085BAB548F7292DB389F848F58
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00406644 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 86windowCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • GetMessageA.USER32(?,004146E0,00000000,00000000), ref: 00406722
                                                                                                          • Part of subcall function 00405AD0: CloseHandle.KERNEL32(00000000), ref: 00405BA3
                                                                                                          • Part of subcall function 00406080: OpenProcess.KERNEL32(001F0FFF,00000000,00000000,00000000,0040633B), ref: 004060F1
                                                                                                          • Part of subcall function 00406080: VirtualAllocEx.KERNEL32(004146D8,00000000,00000034,00001000,00000040,001F0FFF,00000000,00000000,00000000,0040633B), ref: 00406118
                                                                                                          • Part of subcall function 00406080: VirtualAllocEx.KERNEL32(004146D8,00000000,00000001,00001000,00000004,004146D8,00000000,00000028,00001000,00000040,001F0FFF,00000000,00000000,00000000,0040633B), ref: 0040613D
                                                                                                          • Part of subcall function 00406080: GetModuleHandleA.KERNEL32(00000000,004146D8,00000000,00000001,00001000,00000004,004146D8,00000000,00000028,00001000,00000040,001F0FFF,00000000,00000000,00000000,0040633B), ref: 00406177
                                                                                                          • Part of subcall function 00406080: GetModuleHandleA.KERNEL32(00000000,00000000,004146D8,00000000,00000001,00001000,00000004,004146D8,00000000,00000028,00001000,00000040,001F0FFF,00000000,00000000,00000000), ref: 00406194
                                                                                                          • Part of subcall function 00406080: GetProcAddress.KERNEL32(00000000,00000000), ref: 004061B2
                                                                                                          • Part of subcall function 00406080: GetProcAddress.KERNEL32(00000000,00000000), ref: 004061D6
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: Handle$AddressAllocModuleProcVirtual$CloseMessageOpenProcess
                                                                                                        • String ID: GA$GA
                                                                                                        • API String ID: 4090076618-3631556783
                                                                                                        • Opcode ID: 1cf790cf7e5c6c65b8c62993aed25b7241c28635f9a32ebb4fe4abe963394174
                                                                                                        • Instruction ID: 876e008b9a910ccf7e1a2a08bb110f60e1cd46e58f8d75c58597467473e2aa74
                                                                                                        • Opcode Fuzzy Hash: 1cf790cf7e5c6c65b8c62993aed25b7241c28635f9a32ebb4fe4abe963394174
                                                                                                        • Instruction Fuzzy Hash: 0321E231B0421557CB21F7AA984279F77D89B42358F06027BB902BB3C6DA7DCD158B9C
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004114D6 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 77sleepCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • Sleep.KERNELBASE(000001F4,00000000,004115D2,?,?,00000000,00000000,00000000,00000000,00000000), ref: 004114FD
                                                                                                          • Part of subcall function 004113C4: CreateFileA.KERNELBASE(00000000), ref: 00411467
                                                                                                          • Part of subcall function 004113C4: WriteFile.KERNELBASE(00000000,?,?,?,00000000), ref: 0041147D
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000410000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_410000_1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: File$CreateSleepWrite
                                                                                                        • String ID: lFA$
                                                                                                        • API String ID: 3982278710-1346813165
                                                                                                        • Opcode ID: 424b1cbc5f8331655d441a4973b06bd9682f9a9d2284d45baf84aa1621b166c2
                                                                                                        • Instruction ID: 9b38067453750bed3cf8995da314b8bb0d3d72f3ad0aaf1cf8005c3047b09451
                                                                                                        • Opcode Fuzzy Hash: 424b1cbc5f8331655d441a4973b06bd9682f9a9d2284d45baf84aa1621b166c2
                                                                                                        • Instruction Fuzzy Hash: E8218674704204ABD710EBAAC842A9E77ADEB84304F50447FB511B73A1DB7CDE448A2D
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004114D8 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 76sleepCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • Sleep.KERNELBASE(000001F4,00000000,004115D2,?,?,00000000,00000000,00000000,00000000,00000000), ref: 004114FD
                                                                                                          • Part of subcall function 004113C4: CreateFileA.KERNELBASE(00000000), ref: 00411467
                                                                                                          • Part of subcall function 004113C4: WriteFile.KERNELBASE(00000000,?,?,?,00000000), ref: 0041147D
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000410000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_410000_1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: File$CreateSleepWrite
                                                                                                        • String ID: lFA$
                                                                                                        • API String ID: 3982278710-1346813165
                                                                                                        • Opcode ID: 00ea3b78f3fcd1baf081526832f5194fad406c1bc23e68143f27f5301074225c
                                                                                                        • Instruction ID: 262ceaba64ea0147e22e6bc622b322375c27bd16e9b3facb6e2ab82a644daf3a
                                                                                                        • Opcode Fuzzy Hash: 00ea3b78f3fcd1baf081526832f5194fad406c1bc23e68143f27f5301074225c
                                                                                                        • Instruction Fuzzy Hash: 63219874704204ABD710EBA6C842ADE77ADEB84304F50447FB511B73A1DB7CDE448A2D
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 0040726C Relevance: 4.6, APIs: 3, Instructions: 66COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                          • Part of subcall function 004056C4: CreateToolhelp32Snapshot.KERNEL32(0000000F,00000000), ref: 004056D5
                                                                                                          • Part of subcall function 004056E4: Process32First.KERNEL32(00000000,?), ref: 004056F5
                                                                                                        • OpenProcess.KERNEL32(00000001,000000FF,?,00000000,0040731D), ref: 004072D3
                                                                                                        • CloseHandle.KERNEL32(00000000,00000000,00000000,00000001,000000FF,?,00000000,0040731D), ref: 004072E7
                                                                                                        • CloseHandle.KERNEL32(00000000,00000000,0040731D), ref: 00407302
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: CloseHandle$CreateFirstOpenProcessProcess32SnapshotToolhelp32
                                                                                                        • String ID:
                                                                                                        • API String ID: 3205802024-0
                                                                                                        • Opcode ID: ab80dcc74cd0ddc6a92baf1ab5600acc85da43344c3dc2cee50e72bce371541f
                                                                                                        • Instruction ID: 02844635ba530b61f71a6e728a6cc4ff894e005181313f524afe79a62fca3fb3
                                                                                                        • Opcode Fuzzy Hash: ab80dcc74cd0ddc6a92baf1ab5600acc85da43344c3dc2cee50e72bce371541f
                                                                                                        • Instruction Fuzzy Hash: DE113630B046055ADB20AA3A8C42A9E72DCDB49708F60087BFD05F76C2DA3DED05969A
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00408CEC Relevance: 4.6, APIs: 3, Instructions: 57sleepprocessthreadCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                          • Part of subcall function 0040732C: FindWindowA.USER32(00000000,00000000), ref: 00407375
                                                                                                          • Part of subcall function 0040732C: SendMessageA.USER32(00000000,00000010,00000000,00000000), ref: 00407381
                                                                                                          • Part of subcall function 00407654: CloseHandle.KERNEL32(00000000,00000001,000000FF,?,00000000,004077D0,?,?,?,?,?,0040739B,00000000,00000010,00000000,00000000), ref: 004077A5
                                                                                                          • Part of subcall function 00407654: OpenProcess.KERNEL32(00000001,000000FF,?,00000000,004077D0,?,?,?,?,?,0040739B,00000000,00000010,00000000,00000000,00000000), ref: 0040771E
                                                                                                          • Part of subcall function 00407654: TerminateProcess.KERNEL32(00000000,00000000,00000001,000000FF,?,00000000,004077D0,?,?,?,?,?,0040739B,00000000,00000010,00000000), ref: 0040772C
                                                                                                          • Part of subcall function 00407654: CloseHandle.KERNEL32(00000000,00000000,00000000,00000001,000000FF,?,00000000,004077D0,?,?,?,?,?,0040739B,00000000,00000010), ref: 0040773B
                                                                                                          • Part of subcall function 00407654: TerminateProcess.KERNEL32(00000000,00000000,00000001,000000FF,?,00000000,004077D0,?,?,?,?,?,0040739B,00000000,00000010,00000000), ref: 0040776B
                                                                                                          • Part of subcall function 00407654: CloseHandle.KERNEL32(00000000,00000000,00000000,00000001,000000FF,?,00000000,004077D0,?,?,?,?,?,0040739B,00000000,00000010), ref: 0040777A
                                                                                                        • WinExec.KERNEL32(00000000,00000000), ref: 00408D60
                                                                                                        • CreateThread.KERNEL32(00000000,00000000,Function_00007C5C,00000000,00000000,?), ref: 00408D76
                                                                                                        • Sleep.KERNEL32(000003E8,00000000,00000000,Function_00007C5C,00000000,00000000,?,00000000,00000000,00000000,00408DA0,?,00000000,00000000,00000000,00000000), ref: 00408D80
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: CloseHandleProcess$Terminate$CreateExecFindMessageOpenSendSleepThreadWindow
                                                                                                        • String ID:
                                                                                                        • API String ID: 363977679-0
                                                                                                        • Opcode ID: bf7dbd55572e5bfa733523200d1a9c9040bd35a784015c24e9b770469cbbf2be
                                                                                                        • Instruction ID: 7276593d7c4bd3d16d6b14d41031767fb5e6af6179d1ee5736d28d97352f4d14
                                                                                                        • Opcode Fuzzy Hash: bf7dbd55572e5bfa733523200d1a9c9040bd35a784015c24e9b770469cbbf2be
                                                                                                        • Instruction Fuzzy Hash: 2E115E74A04604ABE700FBA6CD43B9E7768EF94704F90457FB640B62C2DFBC6A04952E
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00408DA6 Relevance: 4.5, APIs: 3, Instructions: 34sleepprocessthreadCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                          • Part of subcall function 00407654: CloseHandle.KERNEL32(00000000,00000001,000000FF,?,00000000,004077D0,?,?,?,?,?,0040739B,00000000,00000010,00000000,00000000), ref: 004077A5
                                                                                                        • WinExec.KERNEL32(00000000,00000000), ref: 00408D60
                                                                                                        • CreateThread.KERNEL32(00000000,00000000,Function_00007C5C,00000000,00000000,?), ref: 00408D76
                                                                                                        • Sleep.KERNEL32(000003E8,00000000,00000000,Function_00007C5C,00000000,00000000,?,00000000,00000000,00000000,00408DA0,?,00000000,00000000,00000000,00000000), ref: 00408D80
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: CloseCreateExecHandleSleepThread
                                                                                                        • String ID:
                                                                                                        • API String ID: 577517396-0
                                                                                                        • Opcode ID: b723ede49c3e7c0b12e8655cab13467a111da5c44f8a575ce5c66a9aff9e577e
                                                                                                        • Instruction ID: f9c7372a96016df91737b8d14652f962ca7e0b9398583322f850bbbfb4b74610
                                                                                                        • Opcode Fuzzy Hash: b723ede49c3e7c0b12e8655cab13467a111da5c44f8a575ce5c66a9aff9e577e
                                                                                                        • Instruction Fuzzy Hash: 5EF030B46443056AE700F7E6CE43B6E7768AF84704F60457BB644B61C2DEBC5A00853E
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004117D8 Relevance: 4.5, APIs: 3, Instructions: 33fileCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • OpenFileMappingA.KERNEL32(00000006,00000000,0041183C), ref: 004117E4
                                                                                                        • CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,00004054,0041183C), ref: 0041180D
                                                                                                        • MapViewOfFile.KERNELBASE(000001C0,00000006,00000000,00000000,00000000), ref: 00411825
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000410000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_410000_1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: File$Mapping$CreateOpenView
                                                                                                        • String ID:
                                                                                                        • API String ID: 3104125078-0
                                                                                                        • Opcode ID: 5874c75a2311fb35371b9003a6ddd3f24ef18c384e81a412387ae49f7351080d
                                                                                                        • Instruction ID: d000deedb62c7ef8ac047395d3a216b9e07029491d55c0c8543439727f33a83e
                                                                                                        • Opcode Fuzzy Hash: 5874c75a2311fb35371b9003a6ddd3f24ef18c384e81a412387ae49f7351080d
                                                                                                        • Instruction Fuzzy Hash: 84F012F07D630069F2207BB56D43F933250A781B18F24933BB3506E1E2D3B95440860D
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004116A4 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 57COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • GetDriveTypeA.KERNELBASE(00000000,?,?,?,?,00000000,00000000,00000000), ref: 004116E9
                                                                                                          • Part of subcall function 00412274: FindFirstFileA.KERNELBASE(00000000,?,?,?,?,0000003A,00000000,00000000,?,?,0041170D,00000000,00411717), ref: 00412311
                                                                                                          • Part of subcall function 00412274: FindNextFileA.KERNELBASE(00000000,?,?,?,?,?,0000003A,00000000,00000000,?,?,0041170D,00000000,00411717), ref: 004123C2
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000410000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_410000_1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: FileFind$DriveFirstNextType
                                                                                                        • String ID: B
                                                                                                        • API String ID: 2144272536-1255198513
                                                                                                        • Opcode ID: 3fd7ef65c67d8f5d32009f90cff4a9007d8e3b7bfd4978300eb2ebcf2ba7b19f
                                                                                                        • Instruction ID: 005e38221e4a65f329cac04de2a3228d9e81576436c6036ffe9a92c4e4da946e
                                                                                                        • Opcode Fuzzy Hash: 3fd7ef65c67d8f5d32009f90cff4a9007d8e3b7bfd4978300eb2ebcf2ba7b19f
                                                                                                        • Instruction Fuzzy Hash: A111C630604208BFDB15DFA5CC52BAEBBBCEB49714F6184BAE900A26E1D7795E41C518
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00404640 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 18COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • CompareStringA.KERNEL32(00000400,00000001,7595AA98,00000008,.rsrc,00000008,00414688,?,7595AA98,00405134,7595AB90,000000F8,00000000,00405181), ref: 00404654
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: CompareString
                                                                                                        • String ID: .rsrc
                                                                                                        • API String ID: 1825529933-3873502192
                                                                                                        • Opcode ID: a74d75858852a789b1e7895ff2537e26ef9702a8a813652039fa794cae223079
                                                                                                        • Instruction ID: 50905d0bed1a0fb9d92bbd658d488f4c26d9511e0f968904ffe035eeaacd49de
                                                                                                        • Opcode Fuzzy Hash: a74d75858852a789b1e7895ff2537e26ef9702a8a813652039fa794cae223079
                                                                                                        • Instruction Fuzzy Hash: FEC04CE33451243AF73410AF2CCAEB78D9DCBD6BFAE15417AF708E719194A14D4140B4
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004113C4 Relevance: 3.1, APIs: 2, Instructions: 89fileCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • CreateFileA.KERNELBASE(00000000), ref: 00411467
                                                                                                        • WriteFile.KERNELBASE(00000000,?,?,?,00000000), ref: 0041147D
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000410000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_410000_1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: File$CreateWrite
                                                                                                        • String ID:
                                                                                                        • API String ID: 2263783195-0
                                                                                                        • Opcode ID: 339c62cd975a7573d9901ca5fe489d57fba28c6b6f611d4e36d00abe9646957e
                                                                                                        • Instruction ID: 34a3719f846d824c3896fb9ede6fb6b86a2b8b597160f08a5053a14b0083ec4a
                                                                                                        • Opcode Fuzzy Hash: 339c62cd975a7573d9901ca5fe489d57fba28c6b6f611d4e36d00abe9646957e
                                                                                                        • Instruction Fuzzy Hash: 1A212470A00205AFDB10EBA5DC42FAF7BACEB49714F51447AB604F76E1D53C9D018A2C
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 0040732A Relevance: 3.1, APIs: 2, Instructions: 82windowCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • FindWindowA.USER32(00000000,00000000), ref: 00407375
                                                                                                        • SendMessageA.USER32(00000000,00000010,00000000,00000000), ref: 00407381
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: FindMessageSendWindow
                                                                                                        • String ID:
                                                                                                        • API String ID: 1741975844-0
                                                                                                        • Opcode ID: 4e4ab3cd6e0a9ee8819c83b6c609ccd9e6c568bdbdb085a6ec3c30772a31570d
                                                                                                        • Instruction ID: 77ef07748bd32a53b96bb10187f7aed9faf80db68eaccb4e55ccdd61cdbab19b
                                                                                                        • Opcode Fuzzy Hash: 4e4ab3cd6e0a9ee8819c83b6c609ccd9e6c568bdbdb085a6ec3c30772a31570d
                                                                                                        • Instruction Fuzzy Hash: FD312374E082045BDB00F7EAC842A9D7B78EF94314F5144BAB500B72D2DB7C7E44996E
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 0040732C Relevance: 3.1, APIs: 2, Instructions: 81windowCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • FindWindowA.USER32(00000000,00000000), ref: 00407375
                                                                                                        • SendMessageA.USER32(00000000,00000010,00000000,00000000), ref: 00407381
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: FindMessageSendWindow
                                                                                                        • String ID:
                                                                                                        • API String ID: 1741975844-0
                                                                                                        • Opcode ID: 89d58aaa246071b95dc41c31de45cc73d88b2cf9739ae4fc0cacad5e1f64b295
                                                                                                        • Instruction ID: a9a31478cecaa7243c45117cd6280bc73a7ba56df7342acb2a3c3b44d8f67c2f
                                                                                                        • Opcode Fuzzy Hash: 89d58aaa246071b95dc41c31de45cc73d88b2cf9739ae4fc0cacad5e1f64b295
                                                                                                        • Instruction Fuzzy Hash: AE212374E082045BDB00F7EAC842A9D7B78EF94314F5144BAB500772D2DB7C7E44996E
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 0040633D Relevance: 3.0, APIs: 2, Instructions: 33injectionCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • WriteProcessMemory.KERNEL32(004146D8,004146E4,00000000,00000028,?,00000000,00000028,004146D8,004146E8,004147B8,00000001,?,00000000,00000000,00000000,00000000), ref: 00406311
                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 00406317
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: FreeGlobalMemoryProcessWrite
                                                                                                        • String ID:
                                                                                                        • API String ID: 3717901188-0
                                                                                                        • Opcode ID: eb1038f5912ba180d4acfcd1f8f308efc4ce2c56f10c5d9a8573418a5c2e9f4d
                                                                                                        • Instruction ID: 9dff465d669879e1c223800f2c3b944a2ec234c55452bc1733b18d5762f482a8
                                                                                                        • Opcode Fuzzy Hash: eb1038f5912ba180d4acfcd1f8f308efc4ce2c56f10c5d9a8573418a5c2e9f4d
                                                                                                        • Instruction Fuzzy Hash: 79F0E275614104AFD701EFA4D845AEE3BF8EF89324FA2807BF801B7681C67C6A018729
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004012EC Relevance: 2.5, APIs: 2, Instructions: 37memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • VirtualAlloc.KERNEL32(00000000,?,00002000,00000001,?,?,?,004015F5), ref: 0040131B
                                                                                                        • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,?,00002000,00000001,?,?,?,004015F5), ref: 00401342
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: Virtual$AllocFree
                                                                                                        • String ID:
                                                                                                        • API String ID: 2087232378-0
                                                                                                        • Opcode ID: 08427473a48a4c7faf83fc44c272211166d4c4babff61c484065de1127dd8d99
                                                                                                        • Instruction ID: 8bcc43e5a928ad3f442f774ab8cf60b218e980aebdd979239b60762fe83619eb
                                                                                                        • Opcode Fuzzy Hash: 08427473a48a4c7faf83fc44c272211166d4c4babff61c484065de1127dd8d99
                                                                                                        • Instruction Fuzzy Hash: E6F027B2B006201BFB20566A0C82B579AD49F8A790F154177FF08FF3D9D6B98C0143A8
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 0041209C Relevance: 1.6, APIs: 1, Instructions: 139COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • SetFileAttributesA.KERNELBASE(00000000,?,00000000,00000005,00000000,00000000,?,004122BD,00000000,00412900,?,?,?,?,0000003A,00000000), ref: 00412226
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000410000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_410000_1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: AttributesFile
                                                                                                        • String ID:
                                                                                                        • API String ID: 3188754299-0
                                                                                                        • Opcode ID: 1c7445e9db1fd97d9a26e58fde1131fb0a6c9f980d6be4971e9186f0e2bcee46
                                                                                                        • Instruction ID: 882d51401aa6a19045844325f29d330ce501def98fc931ac450e3df2d9a833dd
                                                                                                        • Opcode Fuzzy Hash: 1c7445e9db1fd97d9a26e58fde1131fb0a6c9f980d6be4971e9186f0e2bcee46
                                                                                                        • Instruction Fuzzy Hash: 4E414070A00118ABCB00FBA6CD42ADEBBB9AF84705F50457AF510F72D2DA7C9E558B5C
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 0040663E Relevance: 1.6, APIs: 1, Instructions: 60windowCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • GetMessageA.USER32(?,004146E0,00000000,00000000), ref: 00406722
                                                                                                          • Part of subcall function 00405AD0: CloseHandle.KERNEL32(00000000), ref: 00405BA3
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: CloseHandleMessage
                                                                                                        • String ID:
                                                                                                        • API String ID: 838768475-0
                                                                                                        • Opcode ID: e6774d4aad9a97f44b4e5cf5131965daac3c6e874627905c77adaca4a916cf35
                                                                                                        • Instruction ID: e22cea799714d905c8a99604419c493b6d489d3edf80b8dcda06502cae12dcb9
                                                                                                        • Opcode Fuzzy Hash: e6774d4aad9a97f44b4e5cf5131965daac3c6e874627905c77adaca4a916cf35
                                                                                                        • Instruction Fuzzy Hash: 2C1121216083145BC711A7A95C5179B7BE88B42348F0A017BAC42FB3C3DA7ECD258BAD
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004045AE Relevance: 1.5, APIs: 1, Instructions: 45COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • CreateWindowExA.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 004045EF
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: CreateWindow
                                                                                                        • String ID:
                                                                                                        • API String ID: 716092398-0
                                                                                                        • Opcode ID: 32a566675b899b064ce63f77519ae448b9d6b0ff81a9f2182ffafe9c729c99c1
                                                                                                        • Instruction ID: 8f9a36629abc3bae289f4360b1f21bb4118de9d1901ad987ccabe7e19614f1d1
                                                                                                        • Opcode Fuzzy Hash: 32a566675b899b064ce63f77519ae448b9d6b0ff81a9f2182ffafe9c729c99c1
                                                                                                        • Instruction Fuzzy Hash: BEF0E2B2300118BF8B84DE9DDC81EDB77ECEB8C264B01412AFA0CE3240D274ED108BA4
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004045B0 Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • CreateWindowExA.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 004045EF
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: CreateWindow
                                                                                                        • String ID:
                                                                                                        • API String ID: 716092398-0
                                                                                                        • Opcode ID: bb37d39e997615d1861323f03777ea5cebc0958590432d94aa17e6a52010a895
                                                                                                        • Instruction ID: 7d62b6778a4e9c3e1b7643e841041c8d91f2086ccc6763cbf268ecbfd9049288
                                                                                                        • Opcode Fuzzy Hash: bb37d39e997615d1861323f03777ea5cebc0958590432d94aa17e6a52010a895
                                                                                                        • Instruction Fuzzy Hash: 6BF0E2B2200118BF8B84DE9DDC81EDB77ECEB8C264B01412AFA0CE3240D274ED108BA4
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00435B93 Relevance: 1.5, APIs: 1, Instructions: 23libraryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000435000.00000040.00000001.01000000.00000003.sdmp, Offset: 00435000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_435000_1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: LibraryLoad
                                                                                                        • String ID:
                                                                                                        • API String ID: 1029625771-0
                                                                                                        • Opcode ID: e585679bad66df01b42987fdf3c089a27cc43a86cea0c1fd01ab478c883b1eb7
                                                                                                        • Instruction ID: c9e3b4aea83e13b66a3b3aea3559459cce3c7e640b118f92d2e4c4379c26e1a6
                                                                                                        • Opcode Fuzzy Hash: e585679bad66df01b42987fdf3c089a27cc43a86cea0c1fd01ab478c883b1eb7
                                                                                                        • Instruction Fuzzy Hash: 37D05E602419266B9F224A20884477BFB89ED19751708105AA883CA287D608A60682BA
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00404660 Relevance: 1.5, APIs: 1, Instructions: 23fileCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • ReadFile.KERNEL32(?,?,?,?,00000000), ref: 00404674
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: FileRead
                                                                                                        • String ID:
                                                                                                        • API String ID: 2738559852-0
                                                                                                        • Opcode ID: 823258083f62cd9d31a0340c762559f80cca59b917e26d9061a0dc69fcf4cc3d
                                                                                                        • Instruction ID: 2d86fbe8c687db27ead1253bd77db325c5f4864a8850c420e5db2e999a969571
                                                                                                        • Opcode Fuzzy Hash: 823258083f62cd9d31a0340c762559f80cca59b917e26d9061a0dc69fcf4cc3d
                                                                                                        • Instruction Fuzzy Hash: 3ED05BF23082507AD620A55B5C84EA75BDCCBC5774F11073EB668C31C1E6348C01C275
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004056E4 Relevance: 1.5, APIs: 1, Instructions: 17COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                          • Part of subcall function 00405564: GetProcAddress.KERNEL32(004146AC,Process32First), ref: 004055AD
                                                                                                          • Part of subcall function 00405564: GetProcAddress.KERNEL32(004146AC,Process32Next), ref: 004055C2
                                                                                                          • Part of subcall function 00405564: GetProcAddress.KERNEL32(004146AC,Module32First), ref: 004055D7
                                                                                                          • Part of subcall function 00405564: GetProcAddress.KERNEL32(004146AC,Module32Next), ref: 004055EC
                                                                                                          • Part of subcall function 00405564: GetProcAddress.KERNEL32(004146AC,Thread32First), ref: 00405601
                                                                                                          • Part of subcall function 00405564: GetProcAddress.KERNEL32(004146AC,Thread32Next), ref: 00405616
                                                                                                        • Process32First.KERNEL32(00000000,?), ref: 004056F5
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: AddressProc$FirstProcess32
                                                                                                        • String ID:
                                                                                                        • API String ID: 1693932912-0
                                                                                                        • Opcode ID: 2fd72982b74c76b96ce89454fb543954bef4caf892beaa66091ddeb59fddbd3c
                                                                                                        • Instruction ID: e70f827e320a342c900bc9b3e45fa71bd4a9302e3e1926636b5e809978898c8e
                                                                                                        • Opcode Fuzzy Hash: 2fd72982b74c76b96ce89454fb543954bef4caf892beaa66091ddeb59fddbd3c
                                                                                                        • Instruction Fuzzy Hash: F0C0805270162067CE1067F52DC44C3478DCD451F63040473B508E3152D67E4C006698
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00405704 Relevance: 1.5, APIs: 1, Instructions: 17COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                          • Part of subcall function 00405564: GetProcAddress.KERNEL32(004146AC,Process32First), ref: 004055AD
                                                                                                          • Part of subcall function 00405564: GetProcAddress.KERNEL32(004146AC,Process32Next), ref: 004055C2
                                                                                                          • Part of subcall function 00405564: GetProcAddress.KERNEL32(004146AC,Module32First), ref: 004055D7
                                                                                                          • Part of subcall function 00405564: GetProcAddress.KERNEL32(004146AC,Module32Next), ref: 004055EC
                                                                                                          • Part of subcall function 00405564: GetProcAddress.KERNEL32(004146AC,Thread32First), ref: 00405601
                                                                                                          • Part of subcall function 00405564: GetProcAddress.KERNEL32(004146AC,Thread32Next), ref: 00405616
                                                                                                        • Process32Next.KERNEL32(00000000,?), ref: 00405715
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: AddressProc$NextProcess32
                                                                                                        • String ID:
                                                                                                        • API String ID: 2754352285-0
                                                                                                        • Opcode ID: 7d7a56f907b3cc09a29d9c03ed1a43ef2eb0b61a4fe9385e54484d810353cc23
                                                                                                        • Instruction ID: 0e0bb81ea535a4b72aac8a7407703473e360be7ff5e40f8252df4ce3ccba2de7
                                                                                                        • Opcode Fuzzy Hash: 7d7a56f907b3cc09a29d9c03ed1a43ef2eb0b61a4fe9385e54484d810353cc23
                                                                                                        • Instruction Fuzzy Hash: E3C0805231262057CE1076F92CC44C3478DCD851FB3040473B904E3143D23D4C006598
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00405724 Relevance: 1.5, APIs: 1, Instructions: 17COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                          • Part of subcall function 00405564: GetProcAddress.KERNEL32(004146AC,Process32First), ref: 004055AD
                                                                                                          • Part of subcall function 00405564: GetProcAddress.KERNEL32(004146AC,Process32Next), ref: 004055C2
                                                                                                          • Part of subcall function 00405564: GetProcAddress.KERNEL32(004146AC,Module32First), ref: 004055D7
                                                                                                          • Part of subcall function 00405564: GetProcAddress.KERNEL32(004146AC,Module32Next), ref: 004055EC
                                                                                                          • Part of subcall function 00405564: GetProcAddress.KERNEL32(004146AC,Thread32First), ref: 00405601
                                                                                                          • Part of subcall function 00405564: GetProcAddress.KERNEL32(004146AC,Thread32Next), ref: 00405616
                                                                                                        • Module32First.KERNEL32(00000000,00000224), ref: 00405735
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: AddressProc$FirstModule32
                                                                                                        • String ID:
                                                                                                        • API String ID: 361915587-0
                                                                                                        • Opcode ID: 1a88afdc069cd7bfd9ae69dea21ce00bc76c0bcda134e8380d1719c2381fb111
                                                                                                        • Instruction ID: f3d047e875fe1b977dc81f3b613d55669bfd6862b4f5c804d75d9b3436e2dc89
                                                                                                        • Opcode Fuzzy Hash: 1a88afdc069cd7bfd9ae69dea21ce00bc76c0bcda134e8380d1719c2381fb111
                                                                                                        • Instruction Fuzzy Hash: 04C0809230162057CF1066F52CC44C3478DCD451FA3044477F504E7143D23D4C006594
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00404948 Relevance: 1.5, APIs: 1, Instructions: 14fileCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,00000000,0040811C,00000000,00000000,00000000,00000000,004084AD), ref: 00404965
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: CreateFile
                                                                                                        • String ID:
                                                                                                        • API String ID: 823142352-0
                                                                                                        • Opcode ID: ad7f9904d05f324b8d7d84d7ed5fe6d79d3b054028fcdf51c5b3f2a652b7309e
                                                                                                        • Instruction ID: b6d3621584ea6129867225985f1f257cafbc0dd9dd0964142fed539d02821f31
                                                                                                        • Opcode Fuzzy Hash: ad7f9904d05f324b8d7d84d7ed5fe6d79d3b054028fcdf51c5b3f2a652b7309e
                                                                                                        • Instruction Fuzzy Hash: BBC048A038030032F52025A60C87F16044C1784B09F60946ABB40BE1D3D8E9A908412C
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004013C8 Relevance: 1.3, APIs: 1, Instructions: 62COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • VirtualFree.KERNEL32(FFFFFFFF,00000000,00008000), ref: 0040142C
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: FreeVirtual
                                                                                                        • String ID:
                                                                                                        • API String ID: 1263568516-0
                                                                                                        • Opcode ID: f7b86747b42ccb2a4703c6dd174fddcdda1bf2c31a1b5692bd68377a88ffa385
                                                                                                        • Instruction ID: d928bc2553ab6a33d9e09a71dbd0c3ff969f0b7b41f768b29ece476e065d475b
                                                                                                        • Opcode Fuzzy Hash: f7b86747b42ccb2a4703c6dd174fddcdda1bf2c31a1b5692bd68377a88ffa385
                                                                                                        • Instruction Fuzzy Hash: 2121E370608311AFC714DF19C880A5BBBE1EF89764F14C92AE5989B3A1D738E841CB5A
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00401480 Relevance: 1.3, APIs: 1, Instructions: 54memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 004014ED
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: AllocVirtual
                                                                                                        • String ID:
                                                                                                        • API String ID: 4275171209-0
                                                                                                        • Opcode ID: ea87cd0443fd4eb131f4895e7b55617ecf9356458f53725fc2888fc068aeff37
                                                                                                        • Instruction ID: d9cc59b0dba6951c4430e6ce08998eab69190dd78ecf659acf4db4a8fc7af9db
                                                                                                        • Opcode Fuzzy Hash: ea87cd0443fd4eb131f4895e7b55617ecf9356458f53725fc2888fc068aeff37
                                                                                                        • Instruction Fuzzy Hash: 64117C72A04705AFC3109F29CC80A6BBBE1EFC4761F15C53DE599AB3A5D634AC408789
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00401514 Relevance: 1.3, APIs: 1, Instructions: 48COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • VirtualFree.KERNEL32(00000000,00000000,00004000,?,0000000C,?,00414600,00418603,0040177B), ref: 0040156E
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: FreeVirtual
                                                                                                        • String ID:
                                                                                                        • API String ID: 1263568516-0
                                                                                                        • Opcode ID: 48732a016edefac0492a44719d6b106a73e33225b8312900b6f5c3d68f378bda
                                                                                                        • Instruction ID: eaaaa4c172c0edbbce5c1e843482bce5a2087c9fd073075ce621594b8945f4b1
                                                                                                        • Opcode Fuzzy Hash: 48732a016edefac0492a44719d6b106a73e33225b8312900b6f5c3d68f378bda
                                                                                                        • Instruction Fuzzy Hash: FA01F7726086106FC3109E28DCC0A6A77E5DBC5764F15453DDE86AB391D33AAC0287A8
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00401148 Relevance: 1.3, APIs: 1, Instructions: 34memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • LocalAlloc.KERNEL32(00000000,00000644,?,004145D4,004011AB,?,?,004013AB,?,00100000,00002000,00000004,004145E4,?,?), ref: 0040115B
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: AllocLocal
                                                                                                        • String ID:
                                                                                                        • API String ID: 3494564517-0
                                                                                                        • Opcode ID: 4d925fb7ec30449985bc592c4ebca9ae59c75541228328ac0eaee709023fc762
                                                                                                        • Instruction ID: 3a998128481a9fd1b27ea91f2f64042e493b8fe8da4c71752c43e5ecdb0bb75c
                                                                                                        • Opcode Fuzzy Hash: 4d925fb7ec30449985bc592c4ebca9ae59c75541228328ac0eaee709023fc762
                                                                                                        • Instruction Fuzzy Hash: C2F082B17012019FD719CF69D88079677E6EB9D315F20C17EE284DB3A0E7358C418B44
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Non-executed Functions

                                                                                                        Function 00406C48 Relevance: 10.6, APIs: 7, Instructions: 100memorylibraryloaderCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • OpenProcess.KERNEL32(001F0FFF,00000000,?,00000000,00406D7C), ref: 00406C7E
                                                                                                        • VirtualAllocEx.KERNEL32(004147F8,00000000,00000010,00001000,00000040,001F0FFF,00000000,?,00000000,00406D7C), ref: 00406CA5
                                                                                                        • GetModuleHandleA.KERNEL32(00000000,004147F8,00000000,00000010,00001000,00000040,001F0FFF,00000000,?,00000000,00406D7C), ref: 00406CD2
                                                                                                        • GetProcAddress.KERNEL32(00000000,00000000), ref: 00406CF0
                                                                                                        • GlobalAlloc.KERNEL32(00000000,00000010,00000000,00000000,00000000,004147F8,00000000,00000010,00001000,00000040,001F0FFF,00000000,?,00000000,00406D7C), ref: 00406D00
                                                                                                        • WriteProcessMemory.KERNEL32(004147F8,004147FC,00000000,00000010,?,00000000,00000010,00000000,00000000,00000000,004147F8,00000000,00000010,00001000,00000040,001F0FFF), ref: 00406D54
                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 00406D5A
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: AllocGlobalProcess$AddressFreeHandleMemoryModuleOpenProcVirtualWrite
                                                                                                        • String ID:
                                                                                                        • API String ID: 1057217036-0
                                                                                                        • Opcode ID: 4d5be6f918e31428f69c00149091087c6b48925ae8160d6bea862ef5fd26e4c6
                                                                                                        • Instruction ID: 6d98f16ceec21b2df91733ddff3b15a709dfc0006f2e2848943e8290e39bee45
                                                                                                        • Opcode Fuzzy Hash: 4d5be6f918e31428f69c00149091087c6b48925ae8160d6bea862ef5fd26e4c6
                                                                                                        • Instruction Fuzzy Hash: 223166B0B002156FD710EBA6CC45B9B7ABDEF85304F52843AB525B72D2D7789D10CA6C
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00410494 Relevance: 9.2, APIs: 6, Instructions: 212memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • LookupAccountNameA.ADVAPI32(00000000,?,?,00000000,00000000), ref: 00410532
                                                                                                        • GetSidIdentifierAuthority.ADVAPI32(?,?,?,00000000,00000000), ref: 00410544
                                                                                                        • GetSidSubAuthorityCount.ADVAPI32(?,?,?,00000000,00000000), ref: 00410551
                                                                                                        • GetSidSubAuthority.ADVAPI32(?,00000000,?,?,00000000,00000000), ref: 00410573
                                                                                                        • AllocateAndInitializeSid.ADVAPI32(?,?,?,?,?,?,000001F4,?,?,?,?,?,?,00000000,00000000), ref: 004105BE
                                                                                                        • AllocateAndInitializeSid.ADVAPI32(?,?,?,?,?,?,000003E8,?,?,?,?,?,?,00000000,00000000), ref: 00410650
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000410000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_410000_1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Authority$AllocateInitialize$AccountCountIdentifierLookupName
                                                                                                        • String ID:
                                                                                                        • API String ID: 1380009054-0
                                                                                                        • Opcode ID: 1113e2aa5a4c1af161ed9c99522ee60c3b7137e61ebf34bade82cb7c09bcb801
                                                                                                        • Instruction ID: 0238dbf935423a0e87fef9418983eab68790da05c3b56fd143396de8ee8ea8d6
                                                                                                        • Opcode Fuzzy Hash: 1113e2aa5a4c1af161ed9c99522ee60c3b7137e61ebf34bade82cb7c09bcb801
                                                                                                        • Instruction Fuzzy Hash: AF7198B6A00109AFCB41EFE9C985DEFB7FCAB48304F14446AF615F3251D778AA418B64
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00404091 Relevance: 9.0, APIs: 6, Instructions: 41threadCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                          • Part of subcall function 004028F0: GetKeyboardType.USER32(00000000), ref: 004028F5
                                                                                                          • Part of subcall function 004028F0: GetKeyboardType.USER32(00000001), ref: 00402901
                                                                                                        • GetCommandLineA.KERNEL32 ref: 004040F7
                                                                                                        • GetVersion.KERNEL32 ref: 0040410B
                                                                                                        • GetVersion.KERNEL32 ref: 0040411C
                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00404158
                                                                                                          • Part of subcall function 00402920: RegCloseKey.ADVAPI32(?), ref: 0040298B
                                                                                                        • GetThreadLocale.KERNEL32 ref: 00404138
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: KeyboardThreadTypeVersion$CloseCommandCurrentLineLocale
                                                                                                        • String ID:
                                                                                                        • API String ID: 4195824345-0
                                                                                                        • Opcode ID: ace7110eab815eb754fffea8534568479e122414d44513cfc4420b9bd13cd02e
                                                                                                        • Instruction ID: 3b1c19c6048b0b203e616a377ece26b2d1c7bf902853b62f79b1b660d136f9ec
                                                                                                        • Opcode Fuzzy Hash: ace7110eab815eb754fffea8534568479e122414d44513cfc4420b9bd13cd02e
                                                                                                        • Instruction Fuzzy Hash: 830100F5814281D9E710BFA2A94A3C93E606B95349F11843FD3846A6F2D77D4184D72E
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004059A8 Relevance: 4.6, APIs: 3, Instructions: 51librarynativeloaderCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • GetProcAddress.KERNEL32(004130EC,00000000), ref: 004059FA
                                                                                                        • NtOpenThread.NTDLL(004130C8,001F03FF,004130CC,004130E4), ref: 00405A28
                                                                                                        • FreeLibrary.KERNEL32(004130EC), ref: 00405A34
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: AddressFreeLibraryOpenProcThread
                                                                                                        • String ID:
                                                                                                        • API String ID: 2519325987-0
                                                                                                        • Opcode ID: 331ba5c7ada792d0de9922cafa1100a555f6a2065c6c5bba40dacfbfeb0e7709
                                                                                                        • Instruction ID: 32b223509f06043fd7144bfa8112929dc78682c5e803f5ca8dd53b472b00344e
                                                                                                        • Opcode Fuzzy Hash: 331ba5c7ada792d0de9922cafa1100a555f6a2065c6c5bba40dacfbfeb0e7709
                                                                                                        • Instruction Fuzzy Hash: 6C112E74740204AFD700EFA5DC82E897FECE74C716B518576F904A7295D6799B008E1C
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00406A18 Relevance: 4.6, APIs: 3, Instructions: 51libraryloaderCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • LoadLibraryA.KERNEL32(00000000,00000000,00406ACA,?,?,00000000,00000000,?,0040694B,?,?,00000032,00000094), ref: 00406A44
                                                                                                        • GetProcAddress.KERNEL32(00413118,00000000), ref: 00406A6A
                                                                                                        • FreeLibrary.KERNEL32(00413118,?,?,00000000,00000000,?,0040694B,?,?,00000032,00000094), ref: 00406AA4
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: Library$AddressFreeLoadProc
                                                                                                        • String ID:
                                                                                                        • API String ID: 145871493-0
                                                                                                        • Opcode ID: e6829631ee084d2a26157a5295308d58405e6bf40a407163076af54ec39b2f61
                                                                                                        • Instruction ID: 6013b95be170a42edb5223345eea6da9442eb037b5043cd6b86a8c27e16d5076
                                                                                                        • Opcode Fuzzy Hash: e6829631ee084d2a26157a5295308d58405e6bf40a407163076af54ec39b2f61
                                                                                                        • Instruction Fuzzy Hash: B7113C74740204BFD700EFA5DC43AC9BBACEB49702B51C47AB900B7292DB78AF408A5C
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00405A5B Relevance: 4.5, APIs: 3, Instructions: 32librarynativeloaderCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • GetProcAddress.KERNEL32(004130EC,00000000), ref: 004059FA
                                                                                                        • NtOpenThread.NTDLL(004130C8,001F03FF,004130CC,004130E4), ref: 00405A28
                                                                                                        • FreeLibrary.KERNEL32(004130EC), ref: 00405A34
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: AddressFreeLibraryOpenProcThread
                                                                                                        • String ID:
                                                                                                        • API String ID: 2519325987-0
                                                                                                        • Opcode ID: 1fc4605632366e44c795365f3495403f58b5f881b260c50fe13b76b2eef688ab
                                                                                                        • Instruction ID: d56c44c0854350e20fd3b87e68bd5f1674223601ca578f99894b3f80aba7d53a
                                                                                                        • Opcode Fuzzy Hash: 1fc4605632366e44c795365f3495403f58b5f881b260c50fe13b76b2eef688ab
                                                                                                        • Instruction Fuzzy Hash: 2AF03070744200AFD700EF64EC42A9A3FE8E74C722750C07BF908E7299D67997448B1C
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00404372 Relevance: .0, Instructions: 2COMMON
                                                                                                        Download Yara Rule
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 77958205c0094cf229e896e28d3bea62b68ac8184c94e6dce1562b42082b0a47
                                                                                                        • Instruction ID: 6ce34b682e233009337539e96fe7520e23606e0b1df543616a661c8a7af7e85f
                                                                                                        • Opcode Fuzzy Hash: 77958205c0094cf229e896e28d3bea62b68ac8184c94e6dce1562b42082b0a47
                                                                                                        • Instruction Fuzzy Hash:
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004081E8 Relevance: 40.4, APIs: 14, Strings: 9, Instructions: 182fileprocesstimeCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • SetFilePointer.KERNEL32 ref: 004081EA
                                                                                                        • ReadFile.KERNEL32(?,004149B0,01000000,?,00000000), ref: 00408201
                                                                                                        • SetFileTime.KERNEL32(?,?,?,?,?,004149B0,01000000,?,00000000), ref: 0040822B
                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,?,?,004149B0,01000000,?,00000000), ref: 00408231
                                                                                                        • GetTempPathA.KERNEL32(00000104,00000000), ref: 00408249
                                                                                                        • GetTempFileNameA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00408281
                                                                                                        • DeleteFileA.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 004082CB
                                                                                                        • CloseHandle.KERNEL32(00000000,",?,del ",:try2,",?,00408544, goto try2,00408544,?,if exist ",",?," ",?), ref: 004083C2
                                                                                                        • CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000040,00000000,00000000,?,?,00000000,",?,del ",:try2,"), ref: 00408439
                                                                                                        • CloseHandle.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000040,00000000,00000000,?,?,00000000,",?,del ",:try2), ref: 00408449
                                                                                                        • CloseHandle.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000040,00000000,00000000,?,?,00000000,",?,del "), ref: 00408455
                                                                                                        • CloseHandle.KERNEL32(004149C0,?,?,00000000,00000000,00000000,00000000,00000000,00000040,00000000,00000000,?,?,00000000,",?), ref: 00408466
                                                                                                        • ExitProcess.KERNEL32(00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000040,00000000,00000000,?,?,00000000,",?), ref: 00408477
                                                                                                        • CloseHandle.KERNEL32(00000000,00000000,00000000,00000000,004084AD,?,?,?,?,00000000,00000000), ref: 0040847D
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: CloseHandle$File$ProcessTemp$CreateDeleteExitNamePathPointerReadTime
                                                                                                        • String ID: goto try1$ goto try2$"$" "$:try1Del "$:try2$del "$if exist "$ren "
                                                                                                        • API String ID: 874351084-3461296845
                                                                                                        • Opcode ID: fddd15903364461644b872233e26bedd30c37b451eafb4f75685ef38f46e4f32
                                                                                                        • Instruction ID: d62a015a3e53bd3ed1334ac39665398df0c5a7590638bc423a54aad4f3e88feb
                                                                                                        • Opcode Fuzzy Hash: fddd15903364461644b872233e26bedd30c37b451eafb4f75685ef38f46e4f32
                                                                                                        • Instruction Fuzzy Hash: FA612070A00219AADB10FBA5CD86FDE77B8AF84308F5040BAB644B61D1DB7C9A458B5D
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00405CFC Relevance: 24.7, APIs: 10, Strings: 4, Instructions: 212filelibraryloaderCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,00000034,00000000), ref: 00405D5E
                                                                                                        • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000028,000000FF,00000000,00000004,00000000,00000028,00000000,00000000,00405FBA), ref: 00405D74
                                                                                                        • CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,00000001,00000000), ref: 00405DA8
                                                                                                        • MapViewOfFile.KERNEL32(004146DC,000F001F,00000000,00000000,00000001,000000FF,00000000,00000004,00000000,00000001,00000000,00000000,000F001F,00000000,00000000,00000028), ref: 00405DD6
                                                                                                        • GetModuleHandleA.KERNEL32(00000000,000000FF,00000000,00000004,00000000,00000001,00000000,000000FF,00000000,00000004,00000000,00000028,00000000,00000000,00405FBA), ref: 00405E27
                                                                                                        • GetModuleHandleA.KERNEL32(00000000,00000000,000000FF,00000000,00000004,00000000,00000001,00000000,000000FF,00000000,00000004,00000000,00000028,00000000,00000000,00405FBA), ref: 00405E44
                                                                                                        • GetProcAddress.KERNEL32(00000000,00000000), ref: 00405E62
                                                                                                        • GetProcAddress.KERNEL32(00000000,00000000), ref: 00405E86
                                                                                                        • GetProcAddress.KERNEL32(00000000,00000000), ref: 00405EAA
                                                                                                        • GetProcAddress.KERNEL32(00000000,00000000), ref: 00405ECE
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: AddressFileProc$CreateHandleMappingModuleView
                                                                                                        • String ID: """"$3333$DDDD$UUUU
                                                                                                        • API String ID: 1297180625-898782787
                                                                                                        • Opcode ID: a7d43252b64e96eb982ec05a11bf1ae528ea1eca6a0800b3c5e14506f8bd2b21
                                                                                                        • Instruction ID: 15b7d5aa700b1a74c44d48972ae7851aa4a221810553fca68ebe09cd54593542
                                                                                                        • Opcode Fuzzy Hash: a7d43252b64e96eb982ec05a11bf1ae528ea1eca6a0800b3c5e14506f8bd2b21
                                                                                                        • Instruction Fuzzy Hash: C5716FB4A006059FDB10EBA5DC81B9E77A9EB85308F11813BB601BB2D2D77C5D41CB6D
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00405564 Relevance: 24.6, APIs: 6, Strings: 8, Instructions: 50libraryloaderCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • GetProcAddress.KERNEL32(004146AC,Process32First), ref: 004055AD
                                                                                                        • GetProcAddress.KERNEL32(004146AC,Process32Next), ref: 004055C2
                                                                                                        • GetProcAddress.KERNEL32(004146AC,Module32First), ref: 004055D7
                                                                                                        • GetProcAddress.KERNEL32(004146AC,Module32Next), ref: 004055EC
                                                                                                        • GetProcAddress.KERNEL32(004146AC,Thread32First), ref: 00405601
                                                                                                        • GetProcAddress.KERNEL32(004146AC,Thread32Next), ref: 00405616
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: AddressProc
                                                                                                        • String ID: CreateToolhelp32Snapshot$Module32First$Module32Next$Process32First$Process32Next$Thread32First$Thread32Next$kernel32.dll
                                                                                                        • API String ID: 190572456-2962697876
                                                                                                        • Opcode ID: f15c56edf7da876d0e54ba2f93f997ffa0c45f077265a169f092d6331c469c73
                                                                                                        • Instruction ID: db35e2df9d5cfc5c0cba6a67ceb9481dc0da3f34f8a0d86005d30a60f984f25c
                                                                                                        • Opcode Fuzzy Hash: f15c56edf7da876d0e54ba2f93f997ffa0c45f077265a169f092d6331c469c73
                                                                                                        • Instruction Fuzzy Hash: CC11D0F0605A44AEDF00DFA5BC45A9636A4E39670DB60DA3AB508EB2E4D6BD4450CF0C
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 0040690C Relevance: 16.6, APIs: 11, Instructions: 96COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • GetVersionExA.KERNEL32(00000094), ref: 0040692F
                                                                                                        • SetLastError.KERNEL32(00000032,00000094), ref: 00406936
                                                                                                        • GetCurrentProcessId.KERNEL32(00000032,00000094), ref: 00406950
                                                                                                        • IsBadHugeReadPtr.KERNEL32(00000000,00000060), ref: 00406969
                                                                                                          • Part of subcall function 00406A18: LoadLibraryA.KERNEL32(00000000,00000000,00406ACA,?,?,00000000,00000000,?,0040694B,?,?,00000032,00000094), ref: 00406A44
                                                                                                          • Part of subcall function 00406A18: GetProcAddress.KERNEL32(00413118,00000000), ref: 00406A6A
                                                                                                          • Part of subcall function 00406A18: FreeLibrary.KERNEL32(00413118,?,?,00000000,00000000,?,0040694B,?,?,00000032,00000094), ref: 00406AA4
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: Library$AddressCurrentErrorFreeHugeLastLoadProcProcessReadVersion
                                                                                                        • String ID:
                                                                                                        • API String ID: 891950598-0
                                                                                                        • Opcode ID: 2202dec260b459618af9ea606024fc91a730a9b96f0d12d014a5a2cddf1fb0c8
                                                                                                        • Instruction ID: 6fcd9be705258e9d04ae720cb1aca767d52dcf9da9c1e0c9d6c4864a75e816ae
                                                                                                        • Opcode Fuzzy Hash: 2202dec260b459618af9ea606024fc91a730a9b96f0d12d014a5a2cddf1fb0c8
                                                                                                        • Instruction Fuzzy Hash: 3621F8B2B00204AADB20B6B68C42F5F629C9F85354F12447BFA06F72C2D53CCD518BB9
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004025D8 Relevance: 15.1, APIs: 8, Strings: 2, Instructions: 109COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • CharNextA.USER32(00000000,?,?,00000000,?,004026E8,00000000,00402715,?,?,?,00000000), ref: 0040260F
                                                                                                        • CharNextA.USER32(00000000,00000000,?,?,00000000,?,004026E8,00000000,00402715,?,?,?,00000000), ref: 00402619
                                                                                                        • CharNextA.USER32(00000000,00000000,?,?,00000000,?,004026E8,00000000,00402715,?,?,?,00000000), ref: 00402636
                                                                                                        • CharNextA.USER32(00000000,00000000,?,?,00000000,?,004026E8,00000000,00402715,?,?,?,00000000), ref: 00402669
                                                                                                        • CharNextA.USER32(00000000,00000000,00000000,?,?,00000000,?,004026E8,00000000,00402715,?,?,?,00000000), ref: 00402673
                                                                                                        • CharNextA.USER32(00000000,00000000,00000000,?,?,00000000,?,004026E8,00000000,00402715,?,?,?,00000000), ref: 00402697
                                                                                                        • CharNextA.USER32(00000000,00000000,?,?,00000000,?,004026E8,00000000,00402715,?,?,?,00000000), ref: 004026A1
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: CharNext
                                                                                                        • String ID: "$"
                                                                                                        • API String ID: 3213498283-3758156766
                                                                                                        • Opcode ID: 7d0c19f60c8e90aca165dea0dd5ab1982545db660e16bfc19da8276599b29a65
                                                                                                        • Instruction ID: d7200547532895219afa35d94cf8b10960ba7affd6ddf9ecc249bf875fdf8aaa
                                                                                                        • Opcode Fuzzy Hash: 7d0c19f60c8e90aca165dea0dd5ab1982545db660e16bfc19da8276599b29a65
                                                                                                        • Instruction Fuzzy Hash: 0921FCA46043C06AEB3129750ED87676B89461A304B2808B7D5C2B73D7D4FF4C87922D
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 0040589C Relevance: 13.6, APIs: 9, Instructions: 96COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • GetVersionExA.KERNEL32(00000094), ref: 004058BF
                                                                                                        • SetLastError.KERNEL32(00000032,00000094), ref: 004058C6
                                                                                                        • IsBadHugeReadPtr.KERNEL32(00000000,00000060), ref: 004058F9
                                                                                                          • Part of subcall function 004059A8: GetProcAddress.KERNEL32(004130EC,00000000), ref: 004059FA
                                                                                                          • Part of subcall function 004059A8: NtOpenThread.NTDLL(004130C8,001F03FF,004130CC,004130E4), ref: 00405A28
                                                                                                          • Part of subcall function 004059A8: FreeLibrary.KERNEL32(004130EC), ref: 00405A34
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: AddressErrorFreeHugeLastLibraryOpenProcReadThreadVersion
                                                                                                        • String ID:
                                                                                                        • API String ID: 910644308-0
                                                                                                        • Opcode ID: 2202dec260b459618af9ea606024fc91a730a9b96f0d12d014a5a2cddf1fb0c8
                                                                                                        • Instruction ID: d9a4410b3cb541b072ec904cb3c2937675386e0b19e6657edfcbcde3cb50056a
                                                                                                        • Opcode Fuzzy Hash: 2202dec260b459618af9ea606024fc91a730a9b96f0d12d014a5a2cddf1fb0c8
                                                                                                        • Instruction Fuzzy Hash: 8F21B6B1A00704EADF20B6B68C82F5F6298DF85364F105577BA04FB2C2E53C9D41CE69
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00401898 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 62COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • RtlEnterCriticalSection.NTDLL(004145B4), ref: 004018C5
                                                                                                        • LocalFree.KERNEL32(0041460C,004145B4,00000000,0040196E), ref: 004018D7
                                                                                                        • LocalFree.KERNEL32(004145CC,00000000,00000000,00008000,0041460C,00000000,0040196E), ref: 00401935
                                                                                                        • RtlLeaveCriticalSection.NTDLL(004145B4), ref: 0040195E
                                                                                                        • RtlDeleteCriticalSection.NTDLL(004145B4), ref: 00401968
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: CriticalSection$FreeLocal$DeleteEnterLeave
                                                                                                        • String ID: EA
                                                                                                        • API String ID: 3902855382-1759796954
                                                                                                        • Opcode ID: 3497e2a4341c456c9c00b3015e0cea27b12baf6975935a3e61458914163c5ba7
                                                                                                        • Instruction ID: afbe99febd1f9099f9f5bc77091ad5f3d37ccbac9b09c2458a0f80f7359b548c
                                                                                                        • Opcode Fuzzy Hash: 3497e2a4341c456c9c00b3015e0cea27b12baf6975935a3e61458914163c5ba7
                                                                                                        • Instruction Fuzzy Hash: 581163B16042016FD719ABA69C52B967BD6A7CA704F10C43BF300BB2F5C67D4840CB1C
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00408060 Relevance: 9.1, APIs: 6, Instructions: 129filetimeCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • GetFileSize.KERNEL32(00000000,00000000,00000000,004084AD,?,?,?,?,00000000,00000000), ref: 004080AD
                                                                                                        • DeleteFileA.KERNEL32(00000000,00000000,00000000,00000000,004084AD,?,?,?,?,00000000,00000000), ref: 004080FF
                                                                                                        • GetFileTime.KERNEL32(00000000,?,?,?,00000000,00000000,00000000,00000000,004084AD,?,?,?,?,00000000,00000000), ref: 00408134
                                                                                                        • ReadFile.KERNEL32(00000000,004149B0,00000000,?,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,004084AD), ref: 004081A4
                                                                                                        • CloseHandle.KERNEL32(000000FF,00000000,?,?,?,00000000,00000000,00000000,00000000,004084AD,?,?,?,?,00000000,00000000), ref: 004081D0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: File$CloseDeleteHandleReadSizeTime
                                                                                                        • String ID:
                                                                                                        • API String ID: 3103791412-0
                                                                                                        • Opcode ID: 645510871e39365114fe92a80bbbc9399b8427107af114480e38830561c7cacf
                                                                                                        • Instruction ID: 0c2d03fbcf7cfc312b6a75b0e9be0823f4df47b2ec3a64f95d73570faa6980d5
                                                                                                        • Opcode Fuzzy Hash: 645510871e39365114fe92a80bbbc9399b8427107af114480e38830561c7cacf
                                                                                                        • Instruction Fuzzy Hash: 22418F70A00208ABCB10EBA5C985BDF77B8AF85314F1045BAF544BB2D1DB7C9E458B69
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00403000 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 38fileCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001E,00000064,00000000,?,004030CE,?,?,?,00000002,0040316E,0040252F,00402577,?,00000000), ref: 00403039
                                                                                                        • WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001E,00000064,00000000,?,004030CE,?,?,?,00000002,0040316E,0040252F,00402577), ref: 0040303F
                                                                                                        • GetStdHandle.KERNEL32(000000F5,00403088,00000002,00000064,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,00000064,00000000,?,004030CE,?,?), ref: 00403054
                                                                                                        • WriteFile.KERNEL32(00000000,000000F5,00403088,00000002,00000064,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,00000064,00000000,?,004030CE,?,?), ref: 0040305A
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: FileHandleWrite
                                                                                                        • String ID: Runtime error at 00000000
                                                                                                        • API String ID: 3320372497-1393363852
                                                                                                        • Opcode ID: fd8ec2eba152073f15be78e70b7cda2c8d560bdb7fac12931a77f12b8cb3141b
                                                                                                        • Instruction ID: 151c823fc8f74172a4d45909b0282b4fb491f511bfba6b1cdfb6973ff59de07e
                                                                                                        • Opcode Fuzzy Hash: fd8ec2eba152073f15be78e70b7cda2c8d560bdb7fac12931a77f12b8cb3141b
                                                                                                        • Instruction Fuzzy Hash: 7BF096B064138079F630AB605D06FD62E8C5749B16F20867BB350B54EAC7FC46C4831D
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 0040805C Relevance: 7.6, APIs: 5, Instructions: 115filetimeCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • GetFileSize.KERNEL32(00000000,00000000,00000000,004084AD,?,?,?,?,00000000,00000000), ref: 004080AD
                                                                                                        • DeleteFileA.KERNEL32(00000000,00000000,00000000,00000000,004084AD,?,?,?,?,00000000,00000000), ref: 004080FF
                                                                                                        • GetFileTime.KERNEL32(00000000,?,?,?,00000000,00000000,00000000,00000000,004084AD,?,?,?,?,00000000,00000000), ref: 00408134
                                                                                                        • ReadFile.KERNEL32(00000000,004149B0,00000000,?,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,004084AD), ref: 004081A4
                                                                                                        • CloseHandle.KERNEL32(000000FF,00000000,?,?,?,00000000,00000000,00000000,00000000,004084AD,?,?,?,?,00000000,00000000), ref: 004081D0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: File$CloseDeleteHandleReadSizeTime
                                                                                                        • String ID:
                                                                                                        • API String ID: 3103791412-0
                                                                                                        • Opcode ID: 3d483bee0325d95dc2b0afed07940a28246a1d8e614113e0b7632acc95652abf
                                                                                                        • Instruction ID: 6579f6323f0d1c0dcfdfb8acdc4707d8b8da8edec3f7ad876a5d8f750149c6ad
                                                                                                        • Opcode Fuzzy Hash: 3d483bee0325d95dc2b0afed07940a28246a1d8e614113e0b7632acc95652abf
                                                                                                        • Instruction Fuzzy Hash: D7419F70A00208AFCB10EBA5C985FDF77B8AF45314F1145BAF580BB2D1DB789E458B59
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00406DB4 Relevance: 7.6, APIs: 5, Instructions: 52threadinjectionwindowCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                          • Part of subcall function 0040690C: GetVersionExA.KERNEL32(00000094), ref: 0040692F
                                                                                                          • Part of subcall function 0040690C: SetLastError.KERNEL32(00000032,00000094), ref: 00406936
                                                                                                        • SuspendThread.KERNEL32(004147F4), ref: 00406DEA
                                                                                                        • GetThreadContext.KERNEL32(004147F4,?,004147F4), ref: 00406DFD
                                                                                                        • SetThreadContext.KERNEL32(004147F4,?,004147F4,?,004147F4), ref: 00406E32
                                                                                                        • ResumeThread.KERNEL32(004147F4,004147F4,?,004147F4), ref: 00406E3D
                                                                                                        • PostThreadMessageA.USER32(00000000,00000000,00000000,00000000), ref: 00406E49
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: Thread$Context$ErrorLastMessagePostResumeSuspendVersion
                                                                                                        • String ID:
                                                                                                        • API String ID: 2443462671-0
                                                                                                        • Opcode ID: 386d3e2c2e6d918c335fbfa53a09a4785b50ee8f0a850da7d51390aefe6aa06b
                                                                                                        • Instruction ID: 00111f60dd30be3fddfc9d2ac300bcfa6a4b2a1da3317c93d10fcdc96f34e8d5
                                                                                                        • Opcode Fuzzy Hash: 386d3e2c2e6d918c335fbfa53a09a4785b50ee8f0a850da7d51390aefe6aa06b
                                                                                                        • Instruction Fuzzy Hash: E40180B1A013009BD710ABA8EC81BD63398EBC6304F01443AF6A4A72D1C77C9945CBBD
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00406DB8 Relevance: 7.6, APIs: 5, Instructions: 52threadinjectionwindowCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                          • Part of subcall function 0040690C: GetVersionExA.KERNEL32(00000094), ref: 0040692F
                                                                                                          • Part of subcall function 0040690C: SetLastError.KERNEL32(00000032,00000094), ref: 00406936
                                                                                                        • SuspendThread.KERNEL32(004147F4), ref: 00406DEA
                                                                                                        • GetThreadContext.KERNEL32(004147F4,?,004147F4), ref: 00406DFD
                                                                                                        • SetThreadContext.KERNEL32(004147F4,?,004147F4,?,004147F4), ref: 00406E32
                                                                                                        • ResumeThread.KERNEL32(004147F4,004147F4,?,004147F4), ref: 00406E3D
                                                                                                        • PostThreadMessageA.USER32(00000000,00000000,00000000,00000000), ref: 00406E49
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: Thread$Context$ErrorLastMessagePostResumeSuspendVersion
                                                                                                        • String ID:
                                                                                                        • API String ID: 2443462671-0
                                                                                                        • Opcode ID: b292254c3f398de43e15b189be8cbac19abdf3826931ce7a7367cfcab2c030ae
                                                                                                        • Instruction ID: be9042e0d1f3dc56009a345aaca181ed4a60207c27f6778d9a54297b05d6ff1e
                                                                                                        • Opcode Fuzzy Hash: b292254c3f398de43e15b189be8cbac19abdf3826931ce7a7367cfcab2c030ae
                                                                                                        • Instruction Fuzzy Hash: 58018CB1A01300ABD720ABA8EC45FD73398EBC6354F01443AB6A4A72D1C77C9945CBBD
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00403084 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 73COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • FreeLibrary.KERNEL32(00400000,?,?,?,00000002,0040316E,0040252F,00402577,?,00000000,004024CC,?,?,?,00000064), ref: 00403111
                                                                                                        • ExitProcess.KERNEL32(00000000,?,?,?,00000002,0040316E,0040252F,00402577,?,00000000,004024CC,?,?,?,00000064), ref: 00403146
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: ExitFreeLibraryProcess
                                                                                                        • String ID: FA$0@A
                                                                                                        • API String ID: 1404682716-349871504
                                                                                                        • Opcode ID: f5d9f716a799ca6d82326b8dc3b5335e22208adc42d5bbc7c68427fdf2d7786d
                                                                                                        • Instruction ID: 945742b12aab383e964586461569bb108c961f9887a4138631b23ab9212b9395
                                                                                                        • Opcode Fuzzy Hash: f5d9f716a799ca6d82326b8dc3b5335e22208adc42d5bbc7c68427fdf2d7786d
                                                                                                        • Instruction Fuzzy Hash: 11217C709012418FDB20AF2588897937FE96F49316F2584BBD844AB2CAD77CCEC0C799
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 0040308C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 71COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • FreeLibrary.KERNEL32(00400000,?,?,?,00000002,0040316E,0040252F,00402577,?,00000000,004024CC,?,?,?,00000064), ref: 00403111
                                                                                                        • ExitProcess.KERNEL32(00000000,?,?,?,00000002,0040316E,0040252F,00402577,?,00000000,004024CC,?,?,?,00000064), ref: 00403146
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: ExitFreeLibraryProcess
                                                                                                        • String ID: FA$0@A
                                                                                                        • API String ID: 1404682716-349871504
                                                                                                        • Opcode ID: 411d8a4134a37d6a03b083bd8669f671ea7cf7d89d0b5992fe4456485104617c
                                                                                                        • Instruction ID: 630780385acc43d4c4d0ff82673663530e3cf0409d8a92741a748e7eef9d402e
                                                                                                        • Opcode Fuzzy Hash: 411d8a4134a37d6a03b083bd8669f671ea7cf7d89d0b5992fe4456485104617c
                                                                                                        • Instruction Fuzzy Hash: C9215C709012418BDB24AF25C8897977FE96B49316F25847BD844AB2CAD77CCEC0C799
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00410546 Relevance: 6.1, APIs: 4, Instructions: 139memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • GetSidSubAuthorityCount.ADVAPI32(?,?,?,00000000,00000000), ref: 00410551
                                                                                                        • GetSidSubAuthority.ADVAPI32(?,00000000,?,?,00000000,00000000), ref: 00410573
                                                                                                        • AllocateAndInitializeSid.ADVAPI32(?,?,?,?,?,?,000001F4,?,?,?,?,?,?,00000000,00000000), ref: 004105BE
                                                                                                        • AllocateAndInitializeSid.ADVAPI32(?,?,?,?,?,?,000003E8,?,?,?,?,?,?,00000000,00000000), ref: 00410650
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000410000.00000040.00000001.01000000.00000003.sdmp, Offset: 00410000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_410000_1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: AllocateAuthorityInitialize$Count
                                                                                                        • String ID:
                                                                                                        • API String ID: 2646753802-0
                                                                                                        • Opcode ID: 7836d6aea2b1284455b65c63ab998e8f645d9987f72cb151047b87c987e6a1d6
                                                                                                        • Instruction ID: f2128bd7541c1cfa63822602b87afc619caca92b057c41b9b59d37b051575a68
                                                                                                        • Opcode Fuzzy Hash: 7836d6aea2b1284455b65c63ab998e8f645d9987f72cb151047b87c987e6a1d6
                                                                                                        • Instruction Fuzzy Hash: 754172B6A00109AFCB41DBE9DD85EEFB7FCAB4C300B14406AF615E3251D678EA458B64
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00402050 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 118COMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • RtlEnterCriticalSection.NTDLL(004145B4), ref: 004020A4
                                                                                                        • RtlLeaveCriticalSection.NTDLL(004145B4), ref: 004021DC
                                                                                                          • Part of subcall function 004017D4: LocalAlloc.KERNEL32(00000000,00000FF8,004145B4,004145B4,00000000,0040188A), ref: 00401827
                                                                                                          • Part of subcall function 004017D4: RtlLeaveCriticalSection.NTDLL(004145B4), ref: 00401884
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: CriticalSection$Leave$AllocEnterLocal
                                                                                                        • String ID: 1
                                                                                                        • API String ID: 1168746000-3266935344
                                                                                                        • Opcode ID: 0bc0a7ed97d435c440b881ae54ff2647d4125590e66b36164080e06b6a0edbf3
                                                                                                        • Instruction ID: 4a965bc0cd6f567b435a8313f35021c85a81b6793351dc231a5975fc86e42bac
                                                                                                        • Opcode Fuzzy Hash: 0bc0a7ed97d435c440b881ae54ff2647d4125590e66b36164080e06b6a0edbf3
                                                                                                        • Instruction Fuzzy Hash: 2841B271604240DFE7158B25EE4D7563BE2AB85318F28813BD740AB2E1D7FC8945C74D
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 00402920 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49registryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: Close
                                                                                                        • String ID: FPUMaskValue$SOFTWARE\Borland\Delphi\RTL
                                                                                                        • API String ID: 3535843008-4173385793
                                                                                                        • Opcode ID: 8fa1de1006f6ef2069d99beed1759f5b593fd8bc066d96692ff18c7674c393f0
                                                                                                        • Instruction ID: 79995f6fdab9cc25f55f9b6193718687f413ccc5581bb0411b8c83054f1b1499
                                                                                                        • Opcode Fuzzy Hash: 8fa1de1006f6ef2069d99beed1759f5b593fd8bc066d96692ff18c7674c393f0
                                                                                                        • Instruction Fuzzy Hash: EF019679A40348B9EB11DF94CE42BE977BCE709710F500076BA04F65D0E6B85A50D759
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Function 004017D4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48memoryCOMMON
                                                                                                        Download Yara Rule
                                                                                                        APIs
                                                                                                        • LocalAlloc.KERNEL32(00000000,00000FF8,004145B4,004145B4,00000000,0040188A), ref: 00401827
                                                                                                        • RtlLeaveCriticalSection.NTDLL(004145B4), ref: 00401884
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.4447030091.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00401000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_401000_1.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: AllocCriticalLeaveLocalSection
                                                                                                        • String ID: EA
                                                                                                        • API String ID: 1361736381-1759796954
                                                                                                        • Opcode ID: 2a78fddc57bdf3a809a0299ad8e04692f3f6b9645a8ce54ede60b09fda80241d
                                                                                                        • Instruction ID: 4ef79c5b0b2e0bd49102990bf20fa9021e2509ccdeaf1aa4bb159768ffc46e44
                                                                                                        • Opcode Fuzzy Hash: 2a78fddc57bdf3a809a0299ad8e04692f3f6b9645a8ce54ede60b09fda80241d
                                                                                                        • Instruction Fuzzy Hash: E50161B0A442416ED719AB6A98067A57FD6E78B708F54C43BE240AA2F1C67D44808B1D
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%