I tried running the file.exe created, it does not appear to do anything. It’s important but I don’t know what to do with it just yet.
The thing I find odd was the hex was given in a png, that’s worth checking out.
I have both sets of files on my SIFT Workstation. I will start with my favorite tools.
strings cyber.png | less
Take a look in the file, here is something worth looking at.
]iTXtComment QkJCQjIAAACR2PFtcCA6q2eaC8SR+8dmD/zNzLQC+td3tFQ4qx8O447TDeuZw5P+0SsbEcYR 78jKLw==2
Comment : QkJCQjIAAACR2PFtcCA6q2eaC8SR+8dmD/zNzLQC+td3tFQ4qx8O447TDeuZw5P+0SsbEcYR.78jKLw==
Down at the end is what we are looking for in the Comment section.
That definitely is Unicode. I have a script around to decode that somewhere for part 5..