Overview

This is a file infector that has been propagating for almost ten years. With each propagation it collects a new "infected" file. We are going to write a small extractor script to pull out all the files.

Samples

  • 225715681d8cdf51c5f178e4f4cc67c05608e44cb3d625c108f92caebe4d719b UnpacMe
  • 00e0ea6fa8a039786efa9457bbb9b6f13398c256a9bc0eeb71392c2b6657250b UnpacMe

Analysis

_想找回文件-_- _Want to retrieve files-_-
联系作者 恢复所有文件  Contact the author Recover all files
流氓不可怕 就怕流氓有文化  Gangsters are not scary; what is scary is a gangster with an education.
好吧我承认你中奖了  Okay, I admit you won.
不明真相的群众运行了程序  People who don’t know the truth ran the program

Infection Format

┌──────────────────────────────────┐                                    
│                                  │                                    
│                                  │                                    
│                                  │                                    
│                                  │ Malware                            
│                                  │                                    
│                                  │                                    
│                                  │                                    
│                                  │                                    
│                                  │                                    
│ ─────────────────────────────────┼───┬───────────                     
│                                  │    Buffer[48] (file name)          
│ ─────────────────────────────────┼───┴───────────                     
│                                  │    Target Size (DWORD)             
│ ─────────────────────────────────┼────────────────                    
│                                  │    Key DWORD (LSB is key)          
├──────────────────────────────────┼────────────────┐                   
│                                  │                │                   
│                                  │                                    
│                                  │                                    
│                                  │                                    
│                                  │                                    
│                                  │  Target                            
│                                  │                                    
│                                  │                                    
│                                  │                                    
│                                  │                                    
│                                  │                                    
│                                  │                                    
│ ─────────────────────────────────┼─────────────────                   
│                                  │   Malware size (DWORD), EOF (DWORD)
└──────────────────────────────────┘
import struct
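# Single-sample extractor: peel the outermost infection record off one file.
# Layout (see the diagram above): malware body, 48-byte file name, target
# size DWORD, key DWORD, encoded target, and an 8-byte trailer holding the
# malware size and the EOF value.
file_name = '/tmp/lol2.bin'
with open(file_name, 'rb') as sample:
    file_data = sample.read()

# The trailer is the last 8 bytes: malware size first, then EOF.
malware_size, eof_offset = struct.unpack('<II', file_data[-8:])
print(f"EOF: {hex(eof_offset)}")
print(f"Malware Size: {hex(malware_size)}")

# The per-target header starts right where the malware body ends.
ptr = malware_size
name_data = file_data[ptr:ptr+48]
name = name_data.split(b'\x00')[0].decode()
print(f"Name: {name}")
ptr += 48

target_size, key_dw = struct.unpack_from('<II', file_data, ptr)
print(f"Target Size: {hex(target_size)}")
key = key_dw & 0xff  # only the low byte of the key DWORD is used
print(f"Key: {hex(key)}")
ptr += 8

# NOTE(review): target_size is not checked against the remaining data; the
# slice silently truncates if the header claims more bytes than exist.
target_data = file_data[ptr:ptr+target_size]

# Keep a copy of the still-encoded target for reference.
with open('/tmp/target.bin', 'wb') as raw_out:
    raw_out.write(target_data)

# Decoding subtracts the key from every byte (mod 256); a 256-entry table
# lets bytes.translate do that in a single pass.
decode_table = bytes((value - key) & 0xff for value in range(256))
out = target_data.translate(decode_table)

# The embedded name is read from the sample and therefore untrusted: strip
# path separators and ':' so it cannot redirect the write, or make it fail,
# depending on how the host platform resolves the resulting path.
safe_name = name.translate(str.maketrans({'/': '_', '\\': '_', ':': '_'}))
with open(file_name + '__' + safe_name + '.bin', 'wb') as decoded_out:
    decoded_out.write(out)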
EOF: 0x2c594
Malware Size: 0x18c1c
Name: bootmgr.exe.mui
Target Size: 0x13938
Key: 0x35
80184
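def extract(file_name, file_data):
    """Decode the outermost infection record in *file_data* and write it out.

    The trailer (last 8 bytes) gives the malware size and an EOF value. The
    record header sits at offset ``malware_size``: a 48-byte NUL-terminated
    file name, a target-size DWORD and a key DWORD whose low byte is the key.
    The target bytes follow and are decoded by subtracting the key (mod 256).

    The decoded target is written to ``file_name + '__' + <name> + '.bin'``.

    Args:
        file_name: Path of the sample; used only as the output prefix.
        file_data: Bytes to parse (the whole sample, or a prefix of it).

    Returns:
        The malware size from the trailer, which the caller uses to truncate
        the data and look for the next record; 0 when no plausible record
        was parsed or the output could not be written.
    """
    try:
        eof_offset = struct.unpack('<I', file_data[-4:])[0]
        malware_size = struct.unpack('<I', file_data[-8:-4])[0]
        ptr = malware_size
        name = file_data[ptr:ptr+48].split(b'\x00')[0].decode()
        ptr += 48
        # unpack_from raises struct.error when the header is not fully
        # present, which ends the walk exactly like any other parse failure.
        target_size, key_dw = struct.unpack_from('<II', file_data, ptr)
        key = key_dw & 0xff  # only the low byte of the key DWORD is used
        ptr += 8
    except (struct.error, IndexError, ValueError):
        # Short data or an undecodable name: treat as "no record here".
        return 0

    # Heuristic from the original script: very short names mean no record.
    if len(name) < 4:
        return 0

    # NOTE(review): target_size is not checked against the remaining data, so
    # a bogus header produces a truncated, meaningless output file.
    target_data = file_data[ptr:ptr+target_size]

    print(f"EOF: {hex(eof_offset)}")
    print(f"Malware Size: {hex(malware_size)}")
    print(f"Name: {name}")
    print(f"Target Size: {hex(target_size)}")
    print(f"Key: {hex(key)}")

    decode_table = bytes((value - key) & 0xff for value in range(256))
    decoded = target_data.translate(decode_table)

    # The embedded name comes from the sample and is untrusted: neutralise
    # path separators and ':' so the output stays beside file_name instead of
    # resolving elsewhere or failing, depending on the host platform.
    safe_name = name.translate(str.maketrans({'/': '_', '\\': '_', ':': '_'}))

    # NOTE(review): the output path depends only on file_name and the
    # embedded name, so two records with the same name in one sample
    # overwrite each other.
    try:
        with open(file_name + '__' + safe_name + '.bin', 'wb') as decoded_out:
            decoded_out.write(decoded)
    except (OSError, ValueError):
        return 0

    return malware_size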

# Iterate over all files in directory
import os
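# Walk every sample in the directory and keep peeling infection records off
# the end of each one until extract() reports that none is left (returns 0).
# NOTE(review): extract() writes its output next to the sample, so a second
# run over the same directory also lists the files produced by the first.
sample_dir = '/tmp/infected2'
for entry in os.listdir(sample_dir):
    file_name = os.path.join(sample_dir, entry)
    # Sub-directories and other non-regular entries cannot be read as samples.
    if not os.path.isfile(file_name):
        continue
    with open(file_name, 'rb') as sample:
        file_data = sample.read()
    print('\n\n')
    print(file_name)
    offset = 1
    while offset > 0:
        # Each call handles the record at the current end of the data; the
        # returned malware size is where the next, older record would end.
        offset = extract(file_name, file_data)
        file_data = file_data[:offset]
        print("\n")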


/tmp/infected2/7246abf944e0974d921dd9a7d80749383ee387f9583eec20e64837c37cd2d3a8
EOF: 0x763462
Malware Size: 0x207a2
Name: choco.exe
Target Size: 0x742c80
Key: 0x0







/tmp/infected2/1ae200fc20841d638a3bcfb5c1cc71f828f8d4253fcaf76d6047214a607e578d
EOF: 0x1c9588
Malware Size: 0xef7e
Name: utc.privacy.diffbase
Target Size: 0x1ba5ca
Key: 0x2f


EOF: 0xeefd
Malware Size: 0xee3c
Name: desktop.ini
Target Size: 0x81
Key: 0x2f


EOF: 0xecd8
Malware Size: 0xeb34
Name: MS.GROOVE.12.1033.hxn
Target Size: 0x164
Key: 0x33


EOF: 0xe5e2
Malware Size: 0xe050
Name: desktop.ini
Target Size: 0x552
Key: 0x2e


EOF: 0xd72c
Malware Size: 0xcdc8
Name: RefreshEnv.cmd
Target Size: 0x924
Key: 0x32


EOF: 0xcc87
Malware Size: 0xcb06
Name: 10 - UserProfile.lnk
Target Size: 0x141
Key: 0x33







/tmp/infected2/5e036a397730943c7ca0ce35726a8d586659a39f630acd5285465a3e8ee82439
EOF: 0x1fb1b2
Malware Size: 0x40ba8
Name: utc.privacy.diffbase
Target Size: 0x1ba5ca
Key: 0x2e


EOF: 0x807ba
Malware Size: 0x3fbda
Name: Register-Application.ps1
Target Size: 0x7c3
Key: 0x31


EOF: 0x7f498
Malware Size: 0x3f886
Name: Hx.hxn
Target Size: 0x186
Key: 0x30


EOF: 0x7e6cc
Malware Size: 0x3ee0e
Name: Backup and Restore Center.lnk
Target Size: 0x518
Key: 0x32


EOF: 0x7d258
Malware Size: 0x3e412
Name: Paint.lnk
Target Size: 0x4da
Key: 0x31


EOF: 0x7be10
Malware Size: 0x3d9c6
Name: Default Programs.lnk
Target Size: 0x502
Key: 0x33


EOF: 0x7ac6a
Malware Size: 0x3d26c
Name: VLC media player skinned.lnk
Target Size: 0x389
Key: 0x2e


EOF: 0x7a154
Malware Size: 0x3ceb0
Name: desktop.ini
Target Size: 0x1ba
Key: 0x2f


EOF: 0x79894
Malware Size: 0x3c9ac
Name: Desktop.ini
Target Size: 0x25e
Key: 0x30


EOF: 0x78944
Malware Size: 0x3bf60
Name: Default Programs.lnk
Target Size: 0x502
Key: 0x33


EOF: 0x7744c
Malware Size: 0x3b4b4
Name: Sidebar.lnk
Target Size: 0x532
Key: 0x33







/tmp/infected2/6d2f429cd8bdca6b5984ed2f32f7ea27130b1858bb20fd1edf84bbb0ab5da0f0
EOF: 0x2c5d46
Malware Size: 0x14c26
Name: MpSvc.dll
Target Size: 0x2b10e0
Key: 0x35


EOF: 0x14ba5
Malware Size: 0x14ae4
Name: desktop.ini
Target Size: 0x81
Key: 0x32


EOF: 0x1495c
Malware Size: 0x14794
Name: MS.POWERPNT.DEV.12.1033.hxn
Target Size: 0x188
Key: 0x32


EOF: 0x14713
Malware Size: 0x14652
Name: desktop.ini
Target Size: 0x81
Key: 0x2f


EOF: 0x143ad
Malware Size: 0x140c8
Name: desktop.ini
Target Size: 0x81
Key: 0x2f


EOF: 0x13e64
Malware Size: 0x13bc0
Name: MS.Dexplore.v80.en.hxn
Target Size: 0x264
Key: 0x35


EOF: 0x13bab
Malware Size: 0x13b56
Name: _processed.txt
Target Size: 0x15
Key: 0x35


EOF: 0x13a45
Malware Size: 0x138f4
Name: chocolatey-dotnetfx.psm1
Target Size: 0x111
Key: 0x2f


EOF: 0x13775
Malware Size: 0x135b6
Name: l.bat
Target Size: 0x17f
Key: 0x31


EOF: 0x1342b
Malware Size: 0x13260
Name: .arguments
Target Size: 0x18b
Key: 0x35


EOF: 0x11f54
Malware Size: 0x10c08
Name: setuperr.log
Target Size: 0x130c
Key: 0x31


EOF: 0x10af2
Malware Size: 0x1099c
Name: desktop.ini
Target Size: 0x116
Key: 0x33







/tmp/infected2/ac3616c9a35af43d25cc7eac54514748a394d572bee78d4c59b6f38103b2976a
EOF: 0x451516
Malware Size: 0xcb000
Name: chs_boot.ttf
Target Size: 0x3864d6
Key: 0x31







/tmp/infected2/11666e21bea520066f5ec756f9401d858b4b67b7be236d3cd895dcfd75869647
EOF: 0x4478ff
Malware Size: 0xa0b4
Name: chocolatey.nupkg
Target Size: 0x43d80b
Key: 0x33


EOF: 0x9c38
Malware Size: 0x977c
Name: AutoIt v3 Website.lnk
Target Size: 0x47c
Key: 0x33


EOF: 0x88ce
Malware Size: 0x79e0
Name: shimgen.license.txt
Target Size: 0xeae
Key: 0x35


EOF: 0x79a2
Malware Size: 0x7924
Name: $IM3YYFM.au3
Target Size: 0x3e
Key: 0x2f


EOF: 0x78a3
Malware Size: 0x77e2
Name: desktop.ini
Target Size: 0x81
Key: 0x2f


EOF: 0x7761
Malware Size: 0x76a0
Name: desktop.ini
Target Size: 0x81
Key: 0x30


EOF: 0x761f
Malware Size: 0x755e
Name: desktop.ini
Target Size: 0x81
Key: 0x31


EOF: 0x74b0
Malware Size: 0x73c2
Name: desktop.ini
Target Size: 0xae
Key: 0x32


EOF: 0x7243
Malware Size: 0x7084
Name: l.bat
Target Size: 0x17f
Key: 0x31


EOF: 0x6ef9
Malware Size: 0x6d2e
Name: .arguments
Target Size: 0x18b
Key: 0x30


EOF: 0x6bca
Malware Size: 0x6a26
Name: MS.MSTORE.12.1033.hxn
Target Size: 0x164
Key: 0x2e







/tmp/infected2/94281645fc555736a9e1567bbbec52b7588ae1fc80b2956fae646fbe0cf8ff7a
EOF: 0x74a0f0
Malware Size: 0x7430
Name: choco.exe
Target Size: 0x742c80
Key: 0x0


EOF: 0x73f2
Malware Size: 0x7374
Name: $IJ9DK4M.au3
Target Size: 0x3e
Key: 0x32


EOF: 0x71f8
Malware Size: 0x703c
Name: desktop.ini
Target Size: 0x17c
Key: 0x34


EOF: 0x6ec6
Malware Size: 0x6d10
Name: MS.MSPUB.DEV.12.1033.hxn
Target Size: 0x176
Key: 0x2e


EOF: 0xd7e4
Malware Size: 0x6a9c
Name: desktop.ini
Target Size: 0x116
Key: 0x34


EOF: 0x656e
Malware Size: 0x6000
Name: MS.VSTACC.v80.hxn
Target Size: 0x52e
Key: 0x2f







/tmp/infected2/bd3156b3a29f45e01148fc6aca2760c8f9852219f62076ecd36ba9dfa8c516a7
EOF: 0x19c582
Malware Size: 0x33af2
Name: components.json
Target Size: 0x168a50
Key: 0x32


EOF: 0x33666
Malware Size: 0x3319a
Name: Computer Management.lnk
Target Size: 0x48c
Key: 0x31


EOF: 0x32efc
Malware Size: 0x32c1e
Name: LICENSE.txt
Target Size: 0x29e
Key: 0x33







/tmp/infected2/99b0a32e7529f442a5505a1563b5429f0935872886e9c40bb1d6a086ee02d856





/tmp/infected2/81ae674785b241c3bd465c823b3c4df0b98b55eae35b00d7c53ca26e7daaba95
EOF: 0x3bdef9
Malware Size: 0xb114
Name: cht_boot.ttf
Target Size: 0x3b2da5
Key: 0x34


EOF: 0xacf0
Malware Size: 0xa88c
Name: cht_boot.ttf
Target Size: 0x3b2da5
Key: 0x30







/tmp/infected2/694f014059a772e0900740932c74c3e3f6313d443108c705ea1d3e0c4de5ac82
EOF: 0x3b9a3a
Malware Size: 0x33524
Name: chs_boot.ttf
Target Size: 0x3864d6
Key: 0x31


EOF: 0x33069
Malware Size: 0x32b6e
Name: Remove-VisualStudioComponent.ps1
Target Size: 0x4bb
Key: 0x31







/tmp/infected2/c23a2b941f5fe0e957d296de4d09e30fff2549df6c9092925b2e2beb0e1f4591
EOF: 0x3ccc31
Malware Size: 0x19e4c
Name: cht_boot.ttf
Target Size: 0x3b2da5
Key: 0x30


EOF: 0x19dcb
Malware Size: 0x19d0a
Name: desktop.ini
Target Size: 0x81
Key: 0x30


EOF: 0x19c89
Malware Size: 0x19bc8
Name: desktop.ini
Target Size: 0x81
Key: 0x2f


EOF: 0x19261
Malware Size: 0x188ba
Name: user-192.png
Target Size: 0x967
Key: 0x31


EOF: 0x186c5
Malware Size: 0x18490
Name: user-48.png
Target Size: 0x1f5
Key: 0x32


EOF: 0x1833e
Malware Size: 0x181ac
Name: Desktop.ini
Target Size: 0x152
Key: 0x35


EOF: 0x17d6e
Malware Size: 0x178f0
Name: VERIFICATION.txt
Target Size: 0x43e
Key: 0x34


EOF: 0x2e728
Malware Size: 0x16e00
Name: Math Input Panel.lnk
Target Size: 0x554
Key: 0x2e


EOF: 0x168ae
Malware Size: 0x1631c
Name: desktop.ini
Target Size: 0x552
Key: 0x35


EOF: 0x15dea
Malware Size: 0x15878
Name: Sidebar.lnk
Target Size: 0x532
Key: 0x31


EOF: 0x15788
Malware Size: 0x15658
Name: CiPT0000.000
Target Size: 0xf0
Key: 0x2e


EOF: 0x1534c
Malware Size: 0x15000
Name: libiconv.mo
Target Size: 0x30c
Key: 0x35







/tmp/infected2/5938bdf4fd24bbc8a1f8ee1fcec73e8658689f5451ff5b2062f96cee3848a215
EOF: 0x3a6178
Malware Size: 0x1fc62
Name: chs_boot.ttf
Target Size: 0x3864d6
Key: 0x31


EOF: 0x1eb1d
Malware Size: 0x1d998
Name: Install-VisualStudioVsixExtension.ps1
Target Size: 0x1145
Key: 0x34







/tmp/infected2/f485bc011c905cde47148d72d4e5a08696a0687ae5f80431da0aea4f94f512c3
EOF: 0x199784
Malware Size: 0x5c5cc
Name: Microsoft.VisualStudio.Setup.dll
Target Size: 0x13d178
Key: 0x35


EOF: 0x5c172
Malware Size: 0x5bcd8
Name: Paint.lnk
Target Size: 0x45a
Key: 0x35


EOF: 0x5ae8c
Malware Size: 0x5a000
Name: adobereader.nuspec
Target Size: 0xe4c
Key: 0x30







/tmp/infected2/91eb4888385b44b1e091d842d777c20688ffb85b3c0a652c0626300e67dc0d41
EOF: 0x3bd257
Malware Size: 0xa472
Name: cht_boot.ttf
Target Size: 0x3b2da5
Key: 0x30


EOF: 0x1383c
Malware Size: 0x9392
Name: Acrobat Reader DC.lnk
Target Size: 0x84c
Key: 0x33


EOF: 0x91de
Malware Size: 0x8fea
Name: ntuser.pol
Target Size: 0x1b4
Key: 0x33


EOF: 0x8542
Malware Size: 0x7a5a
Name: python3.nuspec
Target Size: 0xaa8
Key: 0x32


EOF: 0x74fb
Malware Size: 0x6f5c
Name: javaruntime.nuspec
Target Size: 0x55f
Key: 0x32


EOF: 0x6de0
Malware Size: 0x6c24
Name: desktop.ini
Target Size: 0x17c
Key: 0x35


EOF: 0x6b6c
Malware Size: 0x6a74
Name: hhcolreg.dat
Target Size: 0xb8
Key: 0x2f


EOF: 0x6a36
Malware Size: 0x69b8
Name: $IM3YYFM.au3
Target Size: 0x3e
Key: 0x2f


EOF: 0x67c8
Malware Size: 0x6598
Name: 81608.bpc
Target Size: 0x1f0
Key: 0x35


EOF: 0x6517
Malware Size: 0x6456
Name: desktop.ini
Target Size: 0x81
Key: 0x2f


EOF: 0x62ec
Malware Size: 0x6142
Name: MS.OUTLOOK.12.1033.hxn
Target Size: 0x16a
Key: 0x34


EOF: 0x60c1
Malware Size: 0x6000
Name: desktop.ini
Target Size: 0x81
Key: 0x30







/tmp/infected2/bf49d5f34ffc8fa6d147c3706cc25385b58e1901ed0e8086a49d962f782418d3
EOF: 0x3954fc
Malware Size: 0xefe6
Name: chs_boot.ttf
Target Size: 0x3864d6
Key: 0x31


EOF: 0xe8a9
Malware Size: 0xe12c
Name: Get-WebContent.ps1
Target Size: 0x73d
Key: 0x31


EOF: 0xdbe9
Malware Size: 0xd666
Name: Windows Media Player.lnk
Target Size: 0x543
Key: 0x31


EOF: 0xd590
Malware Size: 0xd47a
Name: setup.ini
Target Size: 0xd6
Key: 0x2f


EOF: 0xd2fe
Malware Size: 0xd142
Name: desktop.ini
Target Size: 0x17c
Key: 0x30


EOF: 0xd0c1
Malware Size: 0xd000
Name: desktop.ini
Target Size: 0x81
Key: 0x2f







/tmp/infected2/e9346a8d4e51f1d2bc2ad29a039832ad29b7caa1ad4e42935d5dd20bb2993409
EOF: 0x4a1f5a
Malware Size: 0xb54a
Name: AI041033.am
Target Size: 0x4969d0
Key: 0x32







/tmp/infected2/682d217a81401260b42311ab31bb4c55cfe1d6f2ae12c67e3921ed9467c946d2
EOF: 0x757cc0
Malware Size: 0x15000
Name: choco.exe
Target Size: 0x742c80
Key: 0x0







/tmp/infected2/2f5a2e501b7bd3b709371b1aeeb28126b70bfd01abf0cad41c2679f64caa65cd
EOF: 0x7565f8
Malware Size: 0x13938
Name: choco.exe
Target Size: 0x742c80
Key: 0x0


EOF: 0x25bf4
Malware Size: 0x12284
Name: vcredist2015.nuspec
Target Size: 0xb36
Key: 0x31


EOF: 0x12094
Malware Size: 0x11e64
Name: 81608.bpc
Target Size: 0x1f0
Key: 0x35







/tmp/infected2/42778be97fb517c934243e697b2fdeab000e5f42ea07c33f4c028d5e39a58709
EOF: 0x1aa2b0
Malware Size: 0x10270
Name: 7z.dll
Target Size: 0x19a000
Key: 0x2f


EOF: 0xf917
Malware Size: 0xef7e
Name: KB3035131.nuspec
Target Size: 0x959
Key: 0x35


EOF: 0xeefd
Malware Size: 0xee3c
Name: desktop.ini
Target Size: 0x81
Key: 0x2f


EOF: 0xecd8
Malware Size: 0xeb34
Name: MS.GROOVE.12.1033.hxn
Target Size: 0x164
Key: 0x33


EOF: 0xe5e2
Malware Size: 0xe050
Name: desktop.ini
Target Size: 0x552
Key: 0x2e


EOF: 0xd72c
Malware Size: 0xcdc8
Name: RefreshEnv.cmd
Target Size: 0x924
Key: 0x32


EOF: 0xcc87
Malware Size: 0xcb06
Name: 10 - UserProfile.lnk
Target Size: 0x141
Key: 0x33







/tmp/infected2/f525babce33f0bc7e0abead8ce7f5bc2c5097fb74559bba69fcc26e669c90908
EOF: 0x3ba2ee
Malware Size: 0x33dd8
Name: chs_boot.ttf
Target Size: 0x3864d6
Key: 0x31


EOF: 0x33afe
Malware Size: 0x337e4
Name: 417__Connections.provxml
Target Size: 0x2da
Key: 0x32


EOF: 0x33674
Malware Size: 0x334c4
Name: MS.POWERPNT.12.1033.hxn
Target Size: 0x170
Key: 0x2e


EOF: 0x32d01
Malware Size: 0x324fe
Name: Register-Application.ps1
Target Size: 0x7c3
Key: 0x33


EOF: 0x3247d
Malware Size: 0x323bc
Name: desktop.ini
Target Size: 0x81
Key: 0x2f


EOF: 0x31b64
Malware Size: 0x312cc
Name: Acrobat Reader DC.lnk
Target Size: 0x858
Key: 0x2e







/tmp/infected2/271034a693d2bb4029555efbd0b5d464d62d2ce1ecba1971b02f6842df04cf7b
EOF: 0x408952
Malware Size: 0x5d442
Name: NisSrv.exe
Target Size: 0x3ab4d0
Key: 0x0


EOF: 0x5d241
Malware Size: 0x5d000
Name: 7z.exe.manifest
Target Size: 0x201
Key: 0x31







/tmp/infected2/31dcb733abd9f60626b03c04c06c053bbef7b920924ab37d5999154bf806b76c
EOF: 0x396ffc
Malware Size: 0x10ae6
Name: chs_boot.ttf
Target Size: 0x3864d6
Key: 0x31


EOF: 0x10acd
Malware Size: 0x10a74
Name: refcount.ini
Target Size: 0x19
Key: 0x2f


EOF: 0x108c9
Malware Size: 0x106de
Name: .files
Target Size: 0x1ab
Key: 0x32


EOF: 0xfecc
Malware Size: 0xf67a
Name: Configure Java.lnk
Target Size: 0x812
Key: 0x2e







/tmp/infected2/f0779b823794954a4e4f8d0b628e9649c66889ba1bccc27acb7e2b31476c814a
EOF: 0x39d0be
Malware Size: 0x16ba8
Name: chs_boot.ttf
Target Size: 0x3864d6
Key: 0x31


EOF: 0x16679
Malware Size: 0x1610a
Name: README.md
Target Size: 0x52f
Key: 0x30


EOF: 0x157a3
Malware Size: 0x14dfc
Name: user-192.png
Target Size: 0x967
Key: 0x2f


EOF: 0x14017
Malware Size: 0x131f2
Name: customizations.xml
Target Size: 0xde5
Key: 0x35


EOF: 0x12a6b
Malware Size: 0x122a4
Name: Configure Java.lnk
Target Size: 0x787
Key: 0x35


EOF: 0x12105
Malware Size: 0x11f26
Name: user-32.png
Target Size: 0x19f
Key: 0x2f


EOF: 0x11141
Malware Size: 0x1031c
Name: customizations.xml
Target Size: 0xde5
Key: 0x35


EOF: 0xfec2
Malware Size: 0xfa28
Name: System Information.lnk
Target Size: 0x45a
Key: 0x34


EOF: 0xf534
Malware Size: 0xf000
Name: Memory Diagnostics Tool.lnk
Target Size: 0x4f4
Key: 0x32







/tmp/infected2/fe9919ea56d2a7a0cbea8b84418e957a7f574075e045b1d3b1c826ad67d70bc0





/tmp/infected2/855c7bd7a18bbe8d2ff11a9aa9c23e9ea6d226fe4db2316bf7f901a113444f81
EOF: 0x3a7f2e
Malware Size: 0x21a18
Name: chs_boot.ttf
Target Size: 0x3864d6
Key: 0x31


EOF: 0x20df6
Malware Size: 0x20194
Name: choco.exe.manifest
Target Size: 0xc22
Key: 0x34


EOF: 0x40048
Malware Size: 0x1fe7c
Name: Mahjong.lnk
Target Size: 0x168
Key: 0x34


EOF: 0x1f6f5
Malware Size: 0x1ef2e
Name: 7zip.license.txt
Target Size: 0x787
Key: 0x34


EOF: 0x1ed74
Malware Size: 0x1eb7a
Name: desktop.ini
Target Size: 0x1ba
Key: 0x2f


EOF: 0x1e773
Malware Size: 0x1e32c
Name: AutoIt Window Info (x64).lnk
Target Size: 0x407
Key: 0x2f


EOF: 0x1e087
Malware Size: 0x1dda2
Name: .files
Target Size: 0x2a5
Key: 0x30


EOF: 0x1d8c4
Malware Size: 0x1d3a6
Name: System Configuration.lnk
Target Size: 0x4de
Key: 0x35


EOF: 0x1c964
Malware Size: 0x1bee2
Name: ipsnld.xml
Target Size: 0xa42
Key: 0x2f


EOF: 0x37460
Malware Size: 0x1b546
Name: Get Help.lnk
Target Size: 0x4aa
Key: 0x30


EOF: 0x1ae43
Malware Size: 0x1a700
Name: GoogleChrome.nuspec
Target Size: 0x703
Key: 0x2f


EOF: 0x1a54f
Malware Size: 0x1a35e
Name: user-40.png
Target Size: 0x1b1
Key: 0x33


EOF: 0x191cf
Malware Size: 0x18000
Name: KB2919442.nupkg
Target Size: 0x118f
Key: 0x34







/tmp/infected2/ac4e9c4af8a6c3fe14b7452f4c4e49ee34eb047eb6adab79216b9c1046c44303
EOF: 0x39508e
Malware Size: 0xeb78
Name: chs_boot.ttf
Target Size: 0x3864d6
Key: 0x32


EOF: 0xeb76
Malware Size: 0xeb34
Name: clist.exe.ignore
Target Size: 0x2
Key: 0x35


EOF: 0xe5e2
Malware Size: 0xe050
Name: desktop.ini
Target Size: 0x552
Key: 0x2e


EOF: 0xd72c
Malware Size: 0xcdc8
Name: RefreshEnv.cmd
Target Size: 0x924
Key: 0x32


EOF: 0xcc87
Malware Size: 0xcb06
Name: 10 - UserProfile.lnk
Target Size: 0x141
Key: 0x33







/tmp/infected2/c23565177c8003131a6f86dd26bf8d23277b7d808e0a68cb11bafcdd90116cad
EOF: 0x2b6a3c
Malware Size: 0xcbfc
Name: AcroRead.msi
Target Size: 0x2a9e00
Key: 0x31


EOF: 0xc7b0
Malware Size: 0xc324
Name: Run Script (x64).lnk
Target Size: 0x44c
Key: 0x2f


EOF: 0xc276
Malware Size: 0xc188
Name: desktop.ini
Target Size: 0xae
Key: 0x2e


EOF: 0xc0e4
Malware Size: 0xc000
Name: maintenanceservice-install.log
Target Size: 0xa4
Key: 0x2f







/tmp/infected2/589feea83edc3c881d97dc7c2c425cf7c0b2094d867fc3a347ac1790220beb61
EOF: 0x74e1d6
Malware Size: 0xb516
Name: choco.exe
Target Size: 0x742c80
Key: 0x0


EOF: 0xb501
Malware Size: 0xb4ac
Name: _processed.txt
Target Size: 0x15
Key: 0x35


EOF: 0xb301
Malware Size: 0xb116
Name: .files
Target Size: 0x1ab
Key: 0x32


EOF: 0xae78
Malware Size: 0xab9a
Name: LICENSE.txt
Target Size: 0x29e
Key: 0x33


EOF: 0xa9aa
Malware Size: 0xa77a
Name: 81608.bpc
Target Size: 0x1f0
Key: 0x35


EOF: 0x9e3e
Malware Size: 0x94c2
Name: Google Chrome.lnk
Target Size: 0x93c
Key: 0x34







/tmp/infected2/bbde0a04bbdccb0587f206de986a35d8b12e21a2dc6646077507c9fc2ac41a73
EOF: 0x7508a4
Malware Size: 0xdbe4
Name: choco.exe
Target Size: 0x742c80
Key: 0x0


EOF: 0xd515
Malware Size: 0xce06
Name: behavior.xml
Target Size: 0x6cf
Key: 0x2f







/tmp/infected2/3a8746d1f104cab7ae61a4b001cfd1bc7b1fd879a4fb3de40271f93b2d0d8b5a
EOF: 0x3d3f27
Malware Size: 0x21142
Name: cht_boot.ttf
Target Size: 0x3b2da5
Key: 0x30


EOF: 0x210c1
Malware Size: 0x21000
Name: desktop.ini
Target Size: 0x81
Key: 0x31







/tmp/infected2/f24aad070cebbb115f4844ff423264b1e22deb2a6083cc6277a26dd33a0560bc
EOF: 0x295a4e
Malware Size: 0x17036
Name: MpAzSubmit.dll
Target Size: 0x27e9d8
Key: 0x33


EOF: 0x16fb5
Malware Size: 0x16ef4
Name: desktop.ini
Target Size: 0x81
Key: 0x2f


EOF: 0x16c18
Malware Size: 0x168fc
Name: desktop.ini
Target Size: 0x81
Key: 0x2f


EOF: 0x16798
Malware Size: 0x165f4
Name: MS.MSTORE.12.1033.hxn
Target Size: 0x164
Key: 0x2e


EOF: 0x15e43
Malware Size: 0x15652
Name: Check For Updates.lnk
Target Size: 0x7b1
Key: 0x32


EOF: 0x151ea
Malware Size: 0x14d42
Name: Desktop.ini
Target Size: 0x468
Key: 0x35







/tmp/infected2/a159ea59d6d11748690377b0b639e1645fd0451c017aff7295080d5ba7b2edbf
EOF: 0x453539
Malware Size: 0x15cee
Name: chocolatey.nupkg
Target Size: 0x43d80b
Key: 0x2e


EOF: 0x15cc2
Malware Size: 0x15c56
Name: Timestamp.xml
Target Size: 0x2c
Key: 0x30


EOF: 0x15778
Malware Size: 0x1525a
Name: System Restore.lnk
Target Size: 0x4de
Key: 0x34


EOF: 0x14dbb
Malware Size: 0x148dc
Name: helpers.ps1
Target Size: 0x49f
Key: 0x34


EOF: 0x13c8e
Malware Size: 0x13000
Name: base.xml
Target Size: 0xc4e
Key: 0x32







/tmp/infected2/8d3e50ca15c412a464ebbba12729d8b0463f1eb7c26ca22c63dc578f65e0f457





/tmp/infected2/b2034c85c77fcede6d872285b00f5425519e886200d8cf02e658b18c6fb57505
EOF: 0x28ad24
Malware Size: 0x21d0c
Name: MpSvc.dll
Target Size: 0x268fd8
Key: 0x2e


EOF: 0x21b58
Malware Size: 0x21964
Name: ntuser.pol
Target Size: 0x1b4
Key: 0x34


EOF: 0x20ebc
Malware Size: 0x203d4
Name: python3.nuspec
Target Size: 0xaa8
Key: 0x30


EOF: 0x2020a
Malware Size: 0x20000
Name: MS.VSTA.v80.en.hxn
Target Size: 0x1ca
Key: 0x33







/tmp/infected2/ee678df98691a06a7e4009af3a2e14e7666156bff978a7e5a200dea8f0a7efab
EOF: 0x4a37d2
Malware Size: 0xcdc2
Name: 114111411141114111411141114111411141114111411141
Target Size: 0x31343131
Key: 0x31







/tmp/infected2/6a172b0f5cf98586d388049911cd66cc1fd9b9ada3ab9244558eb019867e863b
EOF: 0x3b8f2c
Malware Size: 0x32a16
Name: chs_boot.ttf
Target Size: 0x3864d6
Key: 0x31







/tmp/infected2/0750e910e6926290c1a5b8505419728b9f091d06c71911a96be3af9b9bd64f32
EOF: 0x3b69b2
Malware Size: 0x3049c
Name: chs_boot.ttf
Target Size: 0x3864d6
Key: 0x31


EOF: 0x303c6
Malware Size: 0x302b0
Name: setup.ini
Target Size: 0xd6
Key: 0x2f


EOF: 0x3012e
Malware Size: 0x2ff6c
Name: MS.OUTLOOK.DEV.12.1033.hxn
Target Size: 0x182
Key: 0x2f


EOF: 0x2f36b
Malware Size: 0x2e72a
Name: ADSAdClient31[4].htm
Target Size: 0xc01
Key: 0x2f


EOF: 0x2e166
Malware Size: 0x2db62
Name: desktop.ini
Target Size: 0x5c4
Key: 0x35


EOF: 0x5b3ec
Malware Size: 0x2d852
Name: MS.GROOVE.12.1033.hxn
Target Size: 0x164
Key: 0x30


EOF: 0x2cd93
Malware Size: 0x2c294
Name: 13d55e.rbf
Target Size: 0xabf
Key: 0x34


EOF: 0x2c124
Malware Size: 0x2bf74
Name: MS.POWERPNT.12.1033.hxn
Target Size: 0x170
Key: 0x2e


EOF: 0x2b6dc
Malware Size: 0x2ae04
Name: jre8.nuspec
Target Size: 0x898
Key: 0x34


EOF: 0x2ad83
Malware Size: 0x2acc2
Name: desktop.ini
Target Size: 0x81
Key: 0x2f


EOF: 0x2ab4c
Malware Size: 0x2a996
Name: MS.EXCEL.DEV.12.1033.hxn
Target Size: 0x176
Key: 0x2f


EOF: 0x54918
Malware Size: 0x29f4a
Name: Default Programs.lnk
Target Size: 0x502
Key: 0x33


EOF: 0x29dda
Malware Size: 0x29c2a
Name: Solitaire.lnk
Target Size: 0x170
Key: 0x34


EOF: 0x53206
Malware Size: 0x295a4
Name: chocolatey.config.backup
Target Size: 0x31f
Key: 0x2f


EOF: 0x2948e
Malware Size: 0x29338
Name: desktop.ini
Target Size: 0x116
Key: 0x32


EOF: 0x291bc
Malware Size: 0x29000
Name: desktop.ini
Target Size: 0x17c
Key: 0x33







/tmp/infected2/ddb9c13b3fa85a930db25c3d8cf7aa7d91d448b46228723cd6586a99b4a2b3e7
EOF: 0x3db385
Malware Size: 0x285a0
Name: cht_boot.ttf
Target Size: 0x3b2da5
Key: 0x30


EOF: 0x284f6
Malware Size: 0x2840c
Name: Desktop.ini
Target Size: 0xaa
Key: 0x31







/tmp/infected2/bbf9f9eb391ace3301d93c20e548d72a6d02b62b7563589dec0414ec609427f9
EOF: 0x42bfc2
Malware Size: 0x32082
Name: mpenginedb.db-wal
Target Size: 0x3f9f00
Key: 0x35


EOF: 0x31b3b
Malware Size: 0x315b4
Name: Get-PackageCacheLocation.ps1
Target Size: 0x547
Key: 0x30







/tmp/infected2/ffcb8c4e1d1ee13a906349508aa1b18615c43772d1eebecdfd4dbd0dae626f40
EOF: 0x820cfa
Malware Size: 0x10cba
Name: Windows.edb
Target Size: 0x810000
Key: 0x2e







/tmp/infected2/81451cfdc7c7a9a388f9042c3b12349d01a7c2760323123dd2f345ac9062fa43
EOF: 0x283bee
Malware Size: 0x1abd6
Name: MpSvc.dll
Target Size: 0x268fd8
Key: 0x35


EOF: 0x1abaa
Malware Size: 0x1ab3e
Name: Timestamp.xml
Target Size: 0x2c
Key: 0x30


EOF: 0x19832
Malware Size: 0x184e6
Name: setuperr.log
Target Size: 0x130c
Key: 0x34


EOF: 0x1836a
Malware Size: 0x181ae
Name: desktop.ini
Target Size: 0x17c
Key: 0x35


EOF: 0x1816a
Malware Size: 0x180e6
Name: $I4HNUSJ.evtx
Target Size: 0x44
Key: 0x31


EOF: 0x16de5
Malware Size: 0x15aa4
Name: KB2919355.nupkg
Target Size: 0x1301
Key: 0x35


EOF: 0x15572
Malware Size: 0x15000
Name: Sound Recorder.lnk
Target Size: 0x532
Key: 0x31







/tmp/infected2/6e3bd4bf8191d9d5229555d3de362f79a0aa41d7e2e283fb1231785c6c84519e
EOF: 0x3c5557
Malware Size: 0x12772
Name: cht_boot.ttf
Target Size: 0x3b2da5
Key: 0x30







/tmp/infected2/64f90e6f535d6a8272373335d603b8cc144b67233464de952a23873d002db6f8
EOF: 0x2c226a
Malware Size: 0x1842a
Name: AcroRead.msi
Target Size: 0x2a9e00
Key: 0x31







/tmp/infected2/2d0a937437e4ed6e93628696ccb27bbfca694fc0573bac9f1cee71b8d23643e6
EOF: 0x2581ee
Malware Size: 0x14c8a
Name: kor_boot.ttf
Target Size: 0x243524
Key: 0x32


EOF: 0x14068
Malware Size: 0x13406
Name: choco.exe.manifest
Target Size: 0xc22
Key: 0x34


EOF: 0x1432
Malware Size: 0x10000
Name: AutoIt Help File.lnk
Target Size: 0x431
Key: 0x30







/tmp/infected2/4b7cfa7872deae772c88a37e68b956b0617d175b10e7ed14f8e9645f67d13bdb
EOF: 0x2b4e84
Malware Size: 0xb044
Name: AcroRead.msi
Target Size: 0x2a9e00
Key: 0x2f


EOF: 0xa34f
Malware Size: 0x961a
Name: customizations.xml
Target Size: 0xcf5
Key: 0x2f


EOF: 0x94b0
Malware Size: 0x9306
Name: MS.WINWORD.12.1033.hxn
Target Size: 0x16a
Key: 0x33


EOF: 0x8e2c
Malware Size: 0x8912
Name: Paint.lnk
Target Size: 0x4da
Key: 0x35


EOF: 0x847a
Malware Size: 0x7fa2
Name: SciTE Script Editor.lnk
Target Size: 0x498
Key: 0x32


EOF: 0x71bd
Malware Size: 0x6398
Name: customizations.xml
Target Size: 0xde5
Key: 0x34


EOF: 0x61ec
Malware Size: 0x6000
Name: RunTime.xml
Target Size: 0x1ac
Key: 0x2e







/tmp/infected2/247b073a993ba1eaf04cc33fb4098a909d3d94b3fe97c7badadeb38c9b52bed2





/tmp/infected2/6e8e90a8a1c684ed5c0988cc449eb220ef73054a972153e4c766b87e9fe4aae8
EOF: 0x18d040
Malware Size: 0x4d000
Name: edbres00002.jrs
Target Size: 0x140000
Key: 0x30







/tmp/infected2/668718b10146c9da634e8b2654110a1c6db3a35ea94489c96136730a994d6353
EOF: 0x1cbb5c
Malware Size: 0x11552
Name: utc.privacy.diffbase
Target Size: 0x1ba5ca
Key: 0x33


EOF: 0x112c9
Malware Size: 0x11000
Name: 123__Connections.provxml
Target Size: 0x289
Key: 0x34







/tmp/infected2/87302a083edf3b15debace27b481da898d6529f014c6ed43193b3d77cc7b22c9
EOF: 0x75bf12
Malware Size: 0x19252
Name: choco.exe
Target Size: 0x742c80
Key: 0x0


EOF: 0x313fc
Malware Size: 0x18172
Name: Acrobat Reader DC.lnk
Target Size: 0x84c
Key: 0x33


EOF: 0x17f12
Malware Size: 0x17c72
Name: abcpy.ini
Target Size: 0x260
Key: 0x2f







/tmp/infected2/bfc9001057bc00ff216b8351cc1878f543bc1e0e878e87701d32808d6a61d13a





/tmp/infected2/632ba7761830b5f176e6b238301748dc8f30c8e937c09b82ad398ce2c8c50e8f
EOF: 0x3955ea
Malware Size: 0xf0d4
Name: chs_boot.ttf
Target Size: 0x3864d6
Key: 0x31


EOF: 0xe4e5
Malware Size: 0xd8b6
Name: 13d561.rbf
Target Size: 0xbef
Key: 0x34


EOF: 0xd179
Malware Size: 0xc9fc
Name: Get-WebContent.ps1
Target Size: 0x73d
Key: 0x31


EOF: 0xc880
Malware Size: 0xc6c4
Name: desktop.ini
Target Size: 0x17c
Key: 0x30


EOF: 0xc404
Malware Size: 0xc104
Name: 646__Connections.provxml
Target Size: 0x2c0
Key: 0x2f


EOF: 0xbadc
Malware Size: 0xb474
Name: Windows Media Player.lnk
Target Size: 0x628
Key: 0x2f


EOF: 0xb1cf
Malware Size: 0xaeea
Name: .files
Target Size: 0x2a5
Key: 0x30


EOF: 0xaeac
Malware Size: 0xae2e
Name: $IM3YYFM.au3
Target Size: 0x3e
Key: 0x2f


EOF: 0xab05
Malware Size: 0xa79c
Name: chocolatey.config.backup
Target Size: 0x329
Key: 0x34


EOF: 0xa47d
Malware Size: 0xa11e
Name: chocolatey.config.backup
Target Size: 0x31f
Key: 0x2f


EOF: 0x98af
Malware Size: 0x9000
Name: KB3033929.nuspec
Target Size: 0x86f
Key: 0x32







/tmp/infected2/0fdcdadc89b66c388cae07c25af523860b7b0d136d01c532634285a5bc16c360
EOF: 0x1c937c
Malware Size: 0xed72
Name: utc.privacy.diffbase
Target Size: 0x1ba5ca
Key: 0x2e







/tmp/infected2/19aad1d097a0d19d65b84190d6cce6bfef68a05d7c4ec05c74c3c942b63196ac





/tmp/infected2/1db6e5a9c93a34f88d0d1bf37295ad7b9100b798429153f9882e4bb4ab0bb557





/tmp/infected2/09faed2b53a488d94bb1552e873bd472d2c76db0d9c280eed4f6463043902b0d
EOF: 0x3a6a2e
Malware Size: 0x20518
Name: chs_boot.ttf
Target Size: 0x3864d6
Key: 0x31


EOF: 0x2036c
Malware Size: 0x20180
Name: RunTime.xml
Target Size: 0x1ac
Key: 0x30


EOF: 0x1ff44
Malware Size: 0x1fcc8
Name: .files
Target Size: 0x23c
Key: 0x33


EOF: 0x1fc0e
Malware Size: 0x1fb14
Name: $I0A4OP9.au3
Target Size: 0xba
Key: 0x34







/tmp/infected2/67eef312d9675141728aff62b1bc06cbe6e95518cce7f39ecc6e8a193cb08869
EOF: 0x2b2efe
Malware Size: 0x90be
Name: AcroRead.msi
Target Size: 0x2a9e00
Key: 0x31


EOF: 0x110d4
Malware Size: 0x7fde
Name: Acrobat Reader DC.lnk
Target Size: 0x84c
Key: 0x33


EOF: 0x7f5d
Malware Size: 0x7e9c
Name: desktop.ini
Target Size: 0x81
Key: 0x34


EOF: 0x7c9b
Malware Size: 0x7a5a
Name: 7z.exe.manifest
Target Size: 0x201
Key: 0x34


EOF: 0x74fb
Malware Size: 0x6f5c
Name: 7z.exe.manifest
Target Size: 0x201
Key: 0x2e


EOF: 0x6de0
Malware Size: 0x6c24
Name: desktop.ini
Target Size: 0x17c
Key: 0x35


EOF: 0x6b6c
Malware Size: 0x6a74
Name: hhcolreg.dat
Target Size: 0xb8
Key: 0x2f


EOF: 0x6a36
Malware Size: 0x69b8
Name: $IM3YYFM.au3
Target Size: 0x3e
Key: 0x2f


EOF: 0x67c8
Malware Size: 0x6598
Name: 81608.bpc
Target Size: 0x1f0
Key: 0x35


EOF: 0x6517
Malware Size: 0x6456
Name: desktop.ini
Target Size: 0x81
Key: 0x2f


EOF: 0x62ec
Malware Size: 0x6142
Name: MS.OUTLOOK.12.1033.hxn
Target Size: 0x16a
Key: 0x34


EOF: 0x60c1
Malware Size: 0x6000
Name: desktop.ini
Target Size: 0x81
Key: 0x30







/tmp/infected2/fbc16721deea8cde759216b73298bba67724b943a7d9a1e5cc6353d727c74092
EOF: 0x2bf298
Malware Size: 0x15458
Name: AcroRead.msi
Target Size: 0x2a9e00
Key: 0x32


EOF: 0x14ff8
Malware Size: 0x14b58
Name: Task Manager.lnk
Target Size: 0x460
Key: 0x2f


EOF: 0x14455
Malware Size: 0x13d12
Name: GoogleChrome.nuspec
Target Size: 0x703
Key: 0x2f


EOF: 0x13c91
Malware Size: 0x13bd0
Name: desktop.ini
Target Size: 0x81
Key: 0x2f


EOF: 0x13a54
Malware Size: 0x13898
Name: desktop.ini
Target Size: 0x17c
Key: 0x30


EOF: 0x12c6c
Malware Size: 0x12000
Name: Get-VSWebFile.ps1
Target Size: 0xc2c
Key: 0x33







/tmp/infected2/4fd36fd4f1fe3de6634af462b71f8e6e38398f4da431615a88d117ab24f9d1ee
EOF: 0x3bf907
Malware Size: 0xcb22
Name: cht_boot.ttf
Target Size: 0x3b2da5
Key: 0x30


EOF: 0xcaa1
Malware Size: 0xc9e0
Name: desktop.ini
Target Size: 0x81
Key: 0x2f


EOF: 0xc95f
Malware Size: 0xc89e
Name: desktop.ini
Target Size: 0x81
Key: 0x2f


EOF: 0xc713
Malware Size: 0xc548
Name: .arguments
Target Size: 0x18b
Key: 0x35







/tmp/infected2/5211e435da428cb5dc7c148dd5ffda82b254e8b284b2a311749e979a55ede8bf





/tmp/infected2/14d2dc7dedf952e5a4e1bf46bd2e0809d5f7db61f6bf00397c92b6351132502a
EOF: 0x3e7b23
Malware Size: 0x34d3e
Name: cht_boot.ttf
Target Size: 0x3b2da5
Key: 0x30


EOF: 0x67d10
Malware Size: 0x32f9a
Name: shimgen.license.txt
Target Size: 0xeae
Key: 0x31


EOF: 0x3289e
Malware Size: 0x32162
Name: Add-VisualStudioWorkload.ps1
Target Size: 0x6fc
Key: 0x2f


EOF: 0x3164d
Malware Size: 0x30af8
Name: 13d55c.rbf
Target Size: 0xb15
Key: 0x34


EOF: 0x308f8
Malware Size: 0x306b8
Name: chocolatey-core.psm1
Target Size: 0x200
Key: 0x31







/tmp/infected2/ac9b1de48ffe3a0adf38fc3d0f490b055ea403cc785ae8324e1e003c9ffb70af
EOF: 0x3c70e1
Malware Size: 0x142fc
Name: cht_boot.ttf
Target Size: 0x3b2da5
Key: 0x30


EOF: 0x1419e
Malware Size: 0x14000
Name: MS.EXCEL.12.1033.hxn
Target Size: 0x15e
Key: 0x35







/tmp/infected2/0301afbb1c85c61b98a23b0f2787e9d7df6b5910c71a7e088db1e18d7222c363
EOF: 0x464389
Malware Size: 0x26b3e
Name: chocolatey.nupkg
Target Size: 0x43d80b
Key: 0x35







/tmp/infected2/bf49e9644cf6b6f7f48d2bbd6cb982116e9f5c08b7983d62585d0043aea2cfc4
EOF: 0x750768
Malware Size: 0xdaa8
Name: choco.exe
Target Size: 0x742c80
Key: 0x0


EOF: 0xcc5c
Malware Size: 0xbdd0
Name: adobereader.nuspec
Target Size: 0xe4c
Key: 0x30







/tmp/infected2/ac9783d8b5e7a9aaaf5500c3802e1aac3e42c041d7098fc3745e70ebc5ce0fe2
EOF: 0x39a5d2
Malware Size: 0x140bc
Name: chs_boot.ttf
Target Size: 0x3864d6
Key: 0x31


EOF: 0x13935
Malware Size: 0x1316e
Name: 7zip.license.txt
Target Size: 0x787
Key: 0x2e


EOF: 0x12fe3
Malware Size: 0x12e18
Name: .arguments
Target Size: 0x18b
Key: 0x34


EOF: 0x12c17
Malware Size: 0x129d6
Name: 7z.dll.manifest
Target Size: 0x201
Key: 0x30


EOF: 0x12857
Malware Size: 0x12698
Name: l.bat
Target Size: 0x17f
Key: 0x31


EOF: 0x1216a
Malware Size: 0x11bfc
Name: MS.VSTACC.v80.hxn
Target Size: 0x52e
Key: 0x33


EOF: 0x11095
Malware Size: 0x104ee
Name: 222222222222222222222222222222222222222222222222
Target Size: 0x32323232
Key: 0x32







/tmp/infected2/135bb73f3e511b745f00a84e4339ee71aa6deeed84d0d64d820dfabeab01478d
EOF: 0x410de5
Malware Size: 0x5e000
Name: cht_boot.ttf
Target Size: 0x3b2da5
Key: 0x30







/tmp/infected2/6c8113c7095d64c262b7316b22a6616204acec6f1ef54666f20ec9384ac8313e
EOF: 0x7a2cc0
Malware Size: 0x60000
Name: choco.exe
Target Size: 0x742c80
Key: 0x0







/tmp/infected2/df193298e938fb09df4d10d32b1ae87bdd713c90dcbbf205d37af41efc2e982a
EOF: 0x2c57ea
Malware Size: 0x1b9aa
Name: r///u///t///w///v///y///x///~///}///{///0//0//
Target Size: 0x2f2f2f82
Key: 0x7f





/tmp/infected2/81d073774cd3155b21568d5bdec586bb88f6071d09cebfcdf48f5387c9fd5f26
EOF: 0x21f0fd
Malware Size: 0x3a3d6
Name: desktop.ini
Target Size: 0xae
Key: 0x2f


EOF: 0x3966f
Malware Size: 0x388c8
Name: ChocolateyInstall.ps1
Target Size: 0xd67
Key: 0x33


EOF: 0x3860e
Malware Size: 0x38314
Name: state.rsm
Target Size: 0x2ba
Key: 0x2f


EOF: 0x381aa
Malware Size: 0x38000
Name: MS.WINWORD.12.1033.hxn
Target Size: 0x16a
Key: 0x2f







/tmp/infected2/8e1ebf90c969355d8ec32da67a8251170350b9e7f33c05b2190b814b82d97910
EOF: 0x3cecc5
Malware Size: 0x1bee0
Name: cht_boot.ttf
Target Size: 0x3b2da5
Key: 0x30


EOF: 0x1ae15
Malware Size: 0x19d0a
Name: python.nupkg
Target Size: 0x10cb
Key: 0x32


EOF: 0x19c89
Malware Size: 0x19bc8
Name: desktop.ini
Target Size: 0x81
Key: 0x2f


EOF: 0x19261
Malware Size: 0x188ba
Name: user-192.png
Target Size: 0x967
Key: 0x31


EOF: 0x186c5
Malware Size: 0x18490
Name: user-48.png
Target Size: 0x1f5
Key: 0x32


EOF: 0x1833e
Malware Size: 0x181ac
Name: Desktop.ini
Target Size: 0x152
Key: 0x35


EOF: 0x17d6e
Malware Size: 0x178f0
Name: VERIFICATION.txt
Target Size: 0x43e
Key: 0x34


EOF: 0x2e728
Malware Size: 0x16e00
Name: Math Input Panel.lnk
Target Size: 0x554
Key: 0x2e


EOF: 0x168ae
Malware Size: 0x1631c
Name: desktop.ini
Target Size: 0x552
Key: 0x35


EOF: 0x15dea
Malware Size: 0x15878
Name: Sidebar.lnk
Target Size: 0x532
Key: 0x31


EOF: 0x15788
Malware Size: 0x15658
Name: CiPT0000.000
Target Size: 0xf0
Key: 0x2e


EOF: 0x1534c
Malware Size: 0x15000
Name: libiconv.mo
Target Size: 0x30c
Key: 0x35







/tmp/infected2/9b35bda5802326e5d611640b3e51d36503c5ecbb40474dfe366daaa22dc3f7f3
EOF: 0x39a06c
Malware Size: 0x13b56
Name: chs_boot.ttf
Target Size: 0x3864d6
Key: 0x31


EOF: 0x138ca
Malware Size: 0x135fe
Name: 600__Connections.provxml
Target Size: 0x28c
Key: 0x34


EOF: 0x13550
Malware Size: 0x13462
Name: desktop.ini
Target Size: 0xae
Key: 0x35


EOF: 0x132f2
Malware Size: 0x13142
Name: MS.MSACCESS.12.1033.hxn
Target Size: 0x170
Key: 0x2f


EOF: 0x130c1
Malware Size: 0x13000
Name: desktop.ini
Target Size: 0x81
Key: 0x2f







/tmp/infected2/504c1ec82608243d3c3385f1351d959932768bf49e9002dfd8840571dd3ed5d2
EOF: 0x81c52c
Malware Size: 0xc4ec
Name: Windows.edb
Target Size: 0x810000
Key: 0x32







/tmp/infected2/4163a5c892744ccada91dc4bf695a8fd5046e81ee936b826f574f36a7d3a9ee9
EOF: 0x39b828
Malware Size: 0x15312
Name: chs_boot.ttf
Target Size: 0x3864d6
Key: 0x34


EOF: 0x14ce6
Malware Size: 0x1467a
Name: Interactive Ruby.lnk
Target Size: 0x62c
Key: 0x35







/tmp/infected2/fc82a249f0b18801d91603c9eec4645d8585b4211edd117a945e1cd1acb00210
EOF: 0x3bf1d6
Malware Size: 0x13cc6
Name: NisSrv.exe
Target Size: 0x3ab4d0
Key: 0x0


EOF: 0x132ab
Malware Size: 0x12850
Name: Google Chrome.lnk
Target Size: 0xa1b
Key: 0x33


EOF: 0x12836
Malware Size: 0x127dc
Name: UpdateCspStore.xml
Target Size: 0x1a
Key: 0x30


EOF: 0x12651
Malware Size: 0x12486
Name: .arguments
Target Size: 0x18b
Key: 0x32


EOF: 0x12304
Malware Size: 0x12142
Name: MS.OUTLOOK.DEV.12.1033.hxn
Target Size: 0x182
Key: 0x2e


EOF: 0x120c1
Malware Size: 0x12000
Name: desktop.ini
Target Size: 0x81
Key: 0x2f







/tmp/infected2/fe98a8df6909991c9ef6a77d44108206a1ac7f6eed85e48570e1cc364008e32f
EOF: 0x391c62
Malware Size: 0xb74c
Name: chs_boot.ttf
Target Size: 0x3864d6
Key: 0x31


EOF: 0xb321
Malware Size: 0xaeb6
Name: Browse Extras.lnk
Target Size: 0x42b
Key: 0x34


EOF: 0xabfb
Malware Size: 0xa900
Name: RunTime.xml
Target Size: 0x2bb
Key: 0x2f







/tmp/infected2/0dde42d9aa0c58faf924585d8c1fcfd83b044875acdcfb9a0336ed0e8d19f55a
EOF: 0x39a880
Malware Size: 0x1436a
Name: chs_boot.ttf
Target Size: 0x3864d6
Key: 0x31


EOF: 0x1432c
Malware Size: 0x142ae
Name: $IJ9DK4M.au3
Target Size: 0x3e
Key: 0x32


EOF: 0x14132
Malware Size: 0x13f76
Name: desktop.ini
Target Size: 0x17c
Key: 0x30







/tmp/infected2/8951c3a0f08f0c2df6e5b2f8e30648b9155ee094fef12a7e03e162b67faaa2ac
EOF: 0x2be652
Malware Size: 0x14812
Name: AcroRead.msi
Target Size: 0x2a9e00
Key: 0x31


EOF: 0x14120
Malware Size: 0x139ee
Name: 76__Connections.provxml
Target Size: 0x6f2
Key: 0x2f


EOF: 0x1386f
Malware Size: 0x136b0
Name: l.bat
Target Size: 0x17f
Key: 0x31


EOF: 0x12d8c
Malware Size: 0x12428
Name: 76__Connections.provxml
Target Size: 0x6f2
Key: 0x34


EOF: 0x246e4
Malware Size: 0x12284
Name: desktop.ini
Target Size: 0xae
Key: 0x35


EOF: 0x12094
Malware Size: 0x11e64
Name: 81608.bpc
Target Size: 0x1f0
Key: 0x35







/tmp/infected2/beff1cb14d810e50d5d58db76f5f397aac695e98649e48347637712855586cdc
EOF: 0x436b12
Malware Size: 0xf81a
Name: mpasdlta.vdm
Target Size: 0x4272b8
Key: 0x35


EOF: 0xef72
Malware Size: 0xe68a
Name: Get-EffectiveProxy.ps1
Target Size: 0x8a8
Key: 0x2e


EOF: 0xe230
Malware Size: 0xdd96
Name: Paint.lnk
Target Size: 0x45a
Key: 0x32


EOF: 0xdd15
Malware Size: 0xdc54
Name: desktop.ini
Target Size: 0x81
Key: 0x2f


EOF: 0xda64
Malware Size: 0xd834
Name: 81608.bpc
Target Size: 0x1f0
Key: 0x35


EOF: 0xc884
Malware Size: 0xb894
Name: manifest.txt
Target Size: 0xfb0
Key: 0x31


EOF: 0xb736
Malware Size: 0xb598
Name: MS.EXCEL.12.1033.hxn
Target Size: 0x15e
Key: 0x2e







/tmp/infected2/028eb3c28fa6be9f7c4c9069bee390e249baeec464712c5adde93af9fb633182
EOF: 0x3c4de5
Malware Size: 0x12000
Name: cht_boot.ttf
Target Size: 0x3b2da5
Key: 0x30







/tmp/infected2/ad8724522c5a32f8d04f0c377668e15e7971d9944f076ff9669a7b1ad2aada1d
EOF: 0x19b95a
Malware Size: 0x5b91a
Name: edbres00001.jrs
Target Size: 0x140000
Key: 0x31


EOF: 0x5ac83
Malware Size: 0x59fac
Name: 42131b14-1e06-a3f5-58c1-a4081d83ad66.xml
Target Size: 0xc97
Key: 0x35


EOF: 0x59a17
Malware Size: 0x59442
Name: Visual Studio Installer.lnk
Target Size: 0x595
Key: 0x2f


EOF: 0x59241
Malware Size: 0x59000
Name: 7z.dll.manifest
Target Size: 0x201
Key: 0x30







/tmp/infected2/7a7eff690c267e27fc7ee73d28997190a82cb5f5347e79bc1d7abb43122cd9b0
EOF: 0x758b30
Malware Size: 0x15e70
Name: choco.exe
Target Size: 0x742c80
Key: 0x0


EOF: 0x15bc1
Malware Size: 0x158d2
Name: .files
Target Size: 0x2af
Key: 0x2f


EOF: 0x2ae9c
Malware Size: 0x15592
Name: desktop.ini
Target Size: 0x17c
Key: 0x2f


EOF: 0x2aaea
Malware Size: 0x15520
Name: _processed.txt
Target Size: 0x15
Key: 0x35


EOF: 0x2842e
Malware Size: 0x12ed6
Name: KB2919355.nupkg
Target Size: 0x1301
Key: 0x35







/tmp/infected2/55fac017aa25f514b0ab2ecaae1f6cb2aee85a2e90f08de48375fb53f9f33f3d
EOF: 0x399d0a
Malware Size: 0x137f4
Name: chs_boot.ttf
Target Size: 0x3864d6
Key: 0x31







/tmp/infected2/7c9a6e8bd8814ca7630ab9337aa40cc607359c8a5f60d6f9fc6a93c8b9f7a361
EOF: 0x44e53d
Malware Size: 0x10cf2
Name: chocolatey.nupkg
Target Size: 0x43d80b
Key: 0x32


EOF: 0x101bc
Malware Size: 0xf646
Name: vcredist2015.nuspec
Target Size: 0xb36
Key: 0x35


EOF: 0xf4c4
Malware Size: 0xf302
Name: MS.OUTLOOK.DEV.12.1033.hxn
Target Size: 0x182
Key: 0x2f


EOF: 0xf281
Malware Size: 0xf1c0
Name: desktop.ini
Target Size: 0x81
Key: 0x2f


EOF: 0xf06f
Malware Size: 0xeede
Name: 04 - Downloads.lnk
Target Size: 0x151
Key: 0x2e


EOF: 0xede3
Malware Size: 0xeca8
Name: RunTime.xml
Target Size: 0xfb
Key: 0x31


EOF: 0xe267
Malware Size: 0xd7e6
Name: bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml
Target Size: 0xa41
Key: 0x2e


EOF: 0xcfd0
Malware Size: 0xc77a
Name: .files
Target Size: 0x816
Key: 0x32


EOF: 0xc629
Malware Size: 0xc498
Name: 04 - Downloads.lnk
Target Size: 0x151
Key: 0x2e


EOF: 0xb871
Malware Size: 0xac0a
Name: MicrosoftInternetExplorer2013.xml
Target Size: 0xc27
Key: 0x2e


EOF: 0x9e25
Malware Size: 0x9000
Name: customizations.xml
Target Size: 0xde5
Key: 0x2f







/tmp/infected2/443f1a7d68ddd055d788da40e0693cfd7f06c61db7c7a7c2842596bbdfb70e11
EOF: 0x3d6874
Malware Size: 0x5035e
Name: chs_boot.ttf
Target Size: 0x3864d6
Key: 0x31


EOF: 0x4f1cf
Malware Size: 0x4e000
Name: KB2919442.nupkg
Target Size: 0x118f
Key: 0x2e







/tmp/infected2/5acf30a3d0132ad82c85cc2be94c868243b18ddd2ad6c04ae58275d5885f5e1b
EOF: 0x17c192
Malware Size: 0x13702
Name: components.json
Target Size: 0x168a50
Key: 0x34


EOF: 0x12cde
Malware Size: 0x1227a
Name: python.nuspec
Target Size: 0xa24
Key: 0x33


EOF: 0x120fe
Malware Size: 0x11f42
Name: desktop.ini
Target Size: 0x17c
Key: 0x2f


EOF: 0x11527
Malware Size: 0x10acc
Name: Google Chrome.lnk
Target Size: 0xa1b
Key: 0x32







/tmp/infected2/89014a3eb99358d0938e1fa45f7328ef28518c4fc1db4b331dc1a3f41a3debd9
EOF: 0x3bf6b1
Malware Size: 0xc8cc
Name: cht_boot.ttf
Target Size: 0x3b2da5
Key: 0x30


EOF: 0xb8cc
Malware Size: 0xa88c
Name: UpdateSessionOrchestration.020.etl
Target Size: 0x1000
Key: 0x31







/tmp/infected2/82c974d6a04dfe262fa15d1677e7b4ab42f3adce311f287ee7c57e52b854ca75





/tmp/infected2/f31d1e66c4668708f820b85e540c7cb2a710465bb04389e61b210adeca83f880
EOF: 0x3a02f2
Malware Size: 0x19ddc
Name: chs_boot.ttf
Target Size: 0x3864d6
Key: 0x31


EOF: 0x19b9c
Malware Size: 0x1991c
Name: desktop.ini
Target Size: 0x240
Key: 0x35







/tmp/infected2/d7475b3420af1e80a8ea61d551fdb7cb5eed9fd28405905a9d5ad1bbd90107a4





/tmp/infected2/07c7864f8d7c1219f3cc3aa56c830b876b8623eb88387d716bd15b5d2fbd44d8
EOF: 0x3b33e4
Malware Size: 0x2cece
Name: chs_boot.ttf
Target Size: 0x3864d6
Key: 0x31


EOF: 0x2cd64
Malware Size: 0x2cbba
Name: MS.OUTLOOK.12.1033.hxn
Target Size: 0x16a
Key: 0x2e


EOF: 0x593c0
Malware Size: 0x2c7ce
Name: Internet Spades.lnk
Target Size: 0x1d2
Key: 0x32


EOF: 0x2c407
Malware Size: 0x2c000
Name: setup.ini
Target Size: 0x3c7
Key: 0x2f







/tmp/infected2/6e6a3d10c0f31575a96c7ea4a5e2020fca0fa49270307f89410d18245808e5c3
EOF: 0x403361
Malware Size: 0x5057c
Name: cht_boot.ttf
Target Size: 0x3b2da5
Key: 0x30


EOF: 0x4f2de
Malware Size: 0x4e000
Name: KB3033929.nupkg
Target Size: 0x129e
Key: 0x34







/tmp/infected2/f43c85e6fad72eb940df175e3a078077f81dd4baae122a9d49a853fcf2baf0b9
EOF: 0x2b4a84
Malware Size: 0xac44
Name: AcroRead.msi
Target Size: 0x2a9e00
Key: 0x30


EOF: 0xa784
Malware Size: 0xa284
Name: Firefox.lnk
Target Size: 0x4c0
Key: 0x2e


EOF: 0xa282
Malware Size: 0xa240
Name: clist.exe.ignore
Target Size: 0x2
Key: 0x34


EOF: 0xa004
Malware Size: 0x9d88
Name: .files
Target Size: 0x23c
Key: 0x32


EOF: 0x9c0c
Malware Size: 0x9a50
Name: desktop.ini
Target Size: 0x17c
Key: 0x34


EOF: 0x989f
Malware Size: 0x96ae
Name: user-40.png
Target Size: 0x1b1
Key: 0x30


EOF: 0x946e
Malware Size: 0x91ee
Name: desktop.ini
Target Size: 0x240
Key: 0x31


EOF: 0x90d8
Malware Size: 0x8f82
Name: desktop.ini
Target Size: 0x116
Key: 0x34


EOF: 0x8b26
Malware Size: 0x868a
Name: Disk Cleanup.lnk
Target Size: 0x45c
Key: 0x32


EOF: 0x84ff
Malware Size: 0x8334
Name: .arguments
Target Size: 0x18b
Key: 0x34


EOF: 0x82b3
Malware Size: 0x81f2
Name: desktop.ini
Target Size: 0x81
Key: 0x2f


EOF: 0x76b4
Malware Size: 0x6b36
Name: 705__Connections.provxml
Target Size: 0xb3e
Key: 0x35







/tmp/infected2/bff951d882931f51633261f464f00107e1625ecbe6630ede2d9450ed9853d1de





/tmp/infected2/9720611a79140f5ec44b34b21e66024874c2e70cad4833624ed97d1b12e3037a
EOF: 0x393032
Malware Size: 0xcb1c
Name: chs_boot.ttf
Target Size: 0x3864d6
Key: 0x31


EOF: 0xc991
Malware Size: 0xc7c6
Name: .arguments
Target Size: 0x18b
Key: 0x35


EOF: 0xbaca
Malware Size: 0xad8e
Name: 36b78e90-ebc0-390f-f377-1960da83a936.xml
Target Size: 0xcfc
Key: 0x31


EOF: 0xa542
Malware Size: 0x9cb6
Name: Acrobat Reader DC.lnk
Target Size: 0x84c
Key: 0x33


EOF: 0x13420
Malware Size: 0x9732
Name: LICENSE.txt
Target Size: 0x29e
Key: 0x35


EOF: 0x12e2a
Malware Size: 0x96c0
Name: _processed.txt
Target Size: 0x15
Key: 0x35


EOF: 0x12bc4
Malware Size: 0x94cc
Name: setup.ini
Target Size: 0xd6
Key: 0x2f


EOF: 0x94ca
Malware Size: 0x9488
Name: cuninst.exe.ignore
Target Size: 0x2
Key: 0x34


EOF: 0x8a64
Malware Size: 0x8000
Name: python.nuspec
Target Size: 0xa24
Key: 0x35







/tmp/infected2/181379e11e79e729934eeffba994f5ba46bec477044725eaa82198b80fbd7325
EOF: 0x4a598e
Malware Size: 0xef7e
Name: AI041033.am
Target Size: 0x4969d0
Key: 0x31


EOF: 0xeefd
Malware Size: 0xee3c
Name: desktop.ini
Target Size: 0x81
Key: 0x2f


EOF: 0xecd8
Malware Size: 0xeb34
Name: MS.GROOVE.12.1033.hxn
Target Size: 0x164
Key: 0x33


EOF: 0xe5e2
Malware Size: 0xe050
Name: desktop.ini
Target Size: 0x552
Key: 0x2e


EOF: 0xd72c
Malware Size: 0xcdc8
Name: RefreshEnv.cmd
Target Size: 0x924
Key: 0x32


EOF: 0xcc87
Malware Size: 0xcb06
Name: 10 - UserProfile.lnk
Target Size: 0x141
Key: 0x33







/tmp/infected2/7c0dac1aedf2c8d38730ccb61161afb03383abee472beadd2f20dea6aed2d8c4
EOF: 0x3913da
Malware Size: 0xaec4
Name: chs_boot.ttf
Target Size: 0x3864d6
Key: 0x31


EOF: 0xad66
Malware Size: 0xabc8
Name: MS.MSPUB.12.1033.hxn
Target Size: 0x15e
Key: 0x2f







/tmp/infected2/52a872eac1f2d8cfe08d95165b35c77bdfc1c38089452890a1ae879f48ef5914
EOF: 0x1cc0a4
Malware Size: 0x11a9a
Name: utc.privacy.diffbase
Target Size: 0x1ba5ca
Key: 0x2e


EOF: 0x10eab
Malware Size: 0x1027c
Name: 13d562.rbf
Target Size: 0xbef
Key: 0x30


EOF: 0xefde
Malware Size: 0xdd00
Name: KB3033929.nupkg
Target Size: 0x129e
Key: 0x2f


EOF: 0xdb84
Malware Size: 0xd9c8
Name: desktop.ini
Target Size: 0x17c
Key: 0x30


EOF: 0xd947
Malware Size: 0xd886
Name: desktop.ini
Target Size: 0x81
Key: 0x32


EOF: 0xd455
Malware Size: 0xcfe4
Name: AutoIt Help File.lnk
Target Size: 0x431
Key: 0x30







/tmp/infected2/53fba315ad638090c2c9b26733270cdf57088d65df76c0f3d9eac2128e2c3dcb
EOF: 0x4aa770
Malware Size: 0x13d60
Name: ///2///2///2///2///2///2///2///2///2///2///2///2
Target Size: 0x322f2f2f
Key: 0x2f





/tmp/infected2/bcdb471c54de29ef87e94fd58380097025a1405db5c267b834ac62e6779c4ee8
EOF: 0x3974d0
Malware Size: 0x10fba
Name: RefreshEnv.cmd
Target Size: 0x924
Key: 0x32


EOF: 0x10e06
Malware Size: 0x10c12
Name: ntuser.pol
Target Size: 0x1b4
Key: 0x30


EOF: 0x10855
Malware Size: 0x10458
Name: MicrosoftNotepad.xml
Target Size: 0x3bd
Key: 0x35


EOF: 0x20542
Malware Size: 0x100b2
Name: .files
Target Size: 0x1af
Key: 0x34


EOF: 0xf5f3
Malware Size: 0xeaf4
Name: 13d55e.rbf
Target Size: 0xabf
Key: 0x2f


EOF: 0xdaf4
Malware Size: 0xcab4
Name: 13d55e.rbf
Target Size: 0xabf
Key: 0x2f


EOF: 0xbf4d
Malware Size: 0xb3a6
Name: 13d55f.rbf
Target Size: 0xb67
Key: 0x34


EOF: 0xa98b
Malware Size: 0x9f30
Name: Google Chrome.lnk
Target Size: 0xa1b
Key: 0x33







/tmp/infected2/8ddb9af045373dbb4b6add5593cc1398fb18765ca4f256959b6c4b04b3a644e3
EOF: 0x3e1e03
Malware Size: 0x2f01e
Name: cht_boot.ttf
Target Size: 0x3b2da5
Key: 0x30


EOF: 0x2ed9a
Malware Size: 0x2ead6
Name: 208__Connections.provxml
Target Size: 0x284
Key: 0x34


EOF: 0x2e2c4
Malware Size: 0x2da72
Name: 208__Connections.provxml
Target Size: 0x284
Key: 0x34


EOF: 0x2d9f1
Malware Size: 0x2d930
Name: desktop.ini
Target Size: 0x81
Key: 0x2f


EOF: 0x2d6cd
Malware Size: 0x2d42a
Name: RegisterInboxTemplates.ps1
Target Size: 0x263
Key: 0x35


EOF: 0x2d2a2
Malware Size: 0x2d0da
Name: MS.MSACCESS.DEV.12.1033.hxn
Target Size: 0x188
Key: 0x2f


EOF: 0x2c93b
Malware Size: 0x2c15c
Name: About Java.lnk
Target Size: 0x79f
Key: 0x2e


EOF: 0x2bcd5
Malware Size: 0x2b80e
Name: Mozilla Firefox.lnk
Target Size: 0x487
Key: 0x2f


EOF: 0x2aeea
Malware Size: 0x2a586
Name: RefreshEnv.cmd
Target Size: 0x924
Key: 0x2e


EOF: 0x2a10b
Malware Size: 0x29c50
Name: Mozilla Firefox.lnk
Target Size: 0x47b
Key: 0x32


EOF: 0x29ae6
Malware Size: 0x2993c
Name: MS.ONENOTE.12.1033.hxn
Target Size: 0x16a
Key: 0x2f


EOF: 0x293f5
Malware Size: 0x28e6e
Name: Sticky Notes.lnk
Target Size: 0x547
Key: 0x34


EOF: 0x28990
Malware Size: 0x28472
Name: XPS Viewer.lnk
Target Size: 0x4de
Key: 0x31


EOF: 0x27f84
Malware Size: 0x27a56
Name: Task Scheduler.lnk
Target Size: 0x4ee
Key: 0x30


EOF: 0x278c2
Malware Size: 0x276ee
Name: MS.INFOPATHEDITOR.12.1033.hxn
Target Size: 0x194
Key: 0x31


EOF: 0x266ee
Malware Size: 0x256ae
Name: 00010008.dir
Target Size: 0x1000
Key: 0x34


EOF: 0x25550
Malware Size: 0x253b2
Name: MS.MSPUB.12.1033.hxn
Target Size: 0x15e
Key: 0x30


EOF: 0x24acc
Malware Size: 0x241a6
Name: Google Chrome.lnk
Target Size: 0x8e6
Key: 0x34


EOF: 0x2403c
Malware Size: 0x23e92
Name: MS.SETLANG.12.1033.hxn
Target Size: 0x16a
Key: 0x34


EOF: 0x23b12
Malware Size: 0x23752
Name: Release Notes.lnk
Target Size: 0x380
Key: 0x2f


EOF: 0x233c9
Malware Size: 0x23000
Name: VLC media player skinned.lnk
Target Size: 0x389
Key: 0x2e